What's new in Microsoft Entra PowerShell

What's new in docs

November 2025

New articles

• Install Microsoft Entra PowerShell offline - Learn how to install the Microsoft Entra PowerShell module in offline environments by using nupkg files and a local repository.
• Manage administrative units - Learn how to manage administrative units for granular delegation of permissions in Microsoft Entra ID.
• Manage Microsoft MCP Server for Enterprise permissions - Learn how to grant and revoke delegated permissions for MCP clients to access enterprise resources through Microsoft MCP Server.

June 2025

New articles

• Generate a password expiration report using Microsoft Entra PowerShell - Learn how to generate and export a report of users with expired or soon-to-expire passwords.
• Manage per-user MFA settings in Microsoft Entra ID - Learn how to configure and manage multi-factor authentication settings for individual users.
• View and export apps with expiring secrets and certificates - Learn how to identify and export a list of applications with secrets or certificates that are about to expire.
• View and export delegated permissions for users and service principals - Learn how to identify and export delegated permissions assigned to users and service principals.

Updated articles

• Manage guest accounts using Microsoft Entra PowerShell - Add examples for managing guest sponsors.

April 2025

New articles

• Offboard users - Learn how to offboard users by invalidating sessions, resetting passwords, and removing device ownership.

Updated articles

• Manage guest users - Refined code snippets to improve readability and ensure alignment with best practices.
• Manage users - Refined code snippets to improve readability and ensure alignment with best practices.
• Manage user licenses using Microsoft Entra PowerShell - Improved metadata and keywords for better search engine visibility.

Latest (recommended) version

• Version 1.3.0 - May 2026

  • Features:

    • Promoted the Agent ID cmdlet set to General Availability (GA) in the Microsoft.Entra (v1.0) module, providing a production-ready experience for managing Agent identity blueprints, Agent identities, and Agent users in Microsoft Entra ID.

  • New Commands:

    • Add-EntraClientSecretToAgentIdentityBlueprint: Adds a client secret to an Agent Identity Blueprint.
    • Add-EntraInheritablePermissionsToAgentIdentityBlueprint: Configures Microsoft Graph permissions and consent flows.
    • Add-EntraPermissionsToInheritToAgentIdentityBlueprintPrincipal: Adds permissions to inherit to the Agent Identity Blueprint Principal.
    • Add-EntraPermissionToCreateAgentUsersToAgentIdentityBlueprintPrincipal: Grants permission to create Agent Users to the Agent Identity Blueprint Principal.
    • Add-EntraRequiredResourceAccessToAgentIdentityBlueprint: Adds required resource access to an Agent Identity Blueprint.
    • Add-EntraScopeToAgentIdentityBlueprint: Adds OAuth2 permission scopes to a blueprint.
    • Get-EntraAgentIdentity: Gets an Agent Identity by its ID.
    • Get-EntraAgentIdentityBlueprint: Retrieves an existing Agent Identity Blueprint.
    • Get-EntraAgentIdentityBlueprintPrincipal: Retrieves the service principal for an Agent Identity Blueprint.
    • Get-EntraAgentUser: Retrieves an Agent User.
    • Invoke-EntraAgentIdInteractive: Launches an interactive wizard for Agent ID setup.
    • New-EntraAgentIdentityBlueprint: Creates a new Agent Identity Blueprint with sponsors and owners.
    • New-EntraAgentIdentityBlueprintPrincipal: Creates a service principal for an Agent Identity Blueprint.
    • New-EntraAgentIDForAgentIdentityBlueprint: Creates agent identities under a blueprint.
    • New-EntraAgentUserForAgentId: Creates Agent Users with auto-generated UPN and mailNickname.
    • Remove-EntraAgentIdentity: Deletes an Agent Identity.
    • Remove-EntraAgentIdentityBlueprint: Deletes an Agent Identity Blueprint.
    • Remove-EntraAgentUser: Deletes an Agent User.

  • Other Changes:

    • Removed the deprecated AzureAD module dependency from the build pipeline.
    • Added contributor testing and local build documentation.

Module version history

Version 1.2.0 - January 2026

• Features:

  • Migrated the Agent ID cmdlet set from Microsoft Identity Tools PowerShell module into Microsoft Entra Powershell, delivering a production-ready implementation for managing Agent identity blueprints and Agent identities in Microsoft Entra ID.

• New Commands:

  • Add-EntraBetaClientSecretToAgentIdentityBlueprint: Adds a 90-day client secret to a blueprint with retry logic.
  • Add-EntraBetaInheritablePermissionsToAgentIdentityBlueprint: Configures Microsoft Graph permissions and consent flows.
  • Add-EntraBetaPermissionsToInheritToAgentIdentityBlueprintPrincipal: Opens admin consent page in browser for Agent Identity Blueprint Principal to inherit permissions.
  • Add-EntraBetaPermissionToCreateAgentUsersToAgentIdentityBlueprintPrincipal: Grants permission to create Agent Users to the Agent Identity Blueprint Principal.
  • Add-EntraBetaRedirectURIToAgentIdentityBlueprint: Adds web redirect URIs for authentication callbacks.
  • Add-EntraBetaScopeToAgentIdentityBlueprint: Adds OAuth2 permission scopes to a blueprint.
  • Get-EntraBetaAgentIdentity: Gets an Agent Identity by its ID.
  • Get-EntraBetaAgentIdentityToken: Acquires tokens for multiple authentication modes (app-only, OBO, user).
  • Invoke-EntraBetaAgentIdInteractive: Launches an interactive wizard for Agent ID setup.
  • New-EntraBetaAgentIdentityBlueprint: Creates a new Agent Identity Blueprint with sponsors and owners.
  • New-EntraBetaAgentIdentityBlueprintPrincipal: Creates a service principal for the Agent Identity Blueprint.
  • New-EntraBetaAgentIDForAgentIdentityBlueprint: Creates agent identities under a blueprint using stored credentials.
  • New-EntraBetaAgentIDUserForAgentId: Creates agent users with auto-generated UPN and mailNickname.

• Bug Fixes:

  • Enabled support for the -PreAuthorizedApplications parameter in the Set-EntraBetaApplication cmdlet, enabling users to configure pre-authorized applications for an Entra application.
  • Updated the InvitedUser and InvitedUserMessageInfo parameter types. New-EntraBetaInvitation commands now use interfaces from Microsoft.Graph.Beta.PowerShell.Models, while New-EntraInvitation commands use interfaces from Microsoft.Graph.PowerShell.Models.

Version 1.1.0 - December 2025

• Features:

  • Removed version pinning of Microsoft Graph PowerShell modules from version 2.25.0 to allow users to use the latest version of the module without any version restriction.
  • Added sample scripts on how to apply batch operations in Graph API calls for performance improvement on operations involving a lot of API calls.

• New Parameters:

  • Get-EntraDevice & Get-EntraBetaDevice:
    • Added -LogonTimeBefore parameter to filter devices with last sign-in before a specified date.
    • Added -Stale parameter to filter devices that haven't signed in for 2 months or more.
    • Added -NonCompliant parameter to filter devices that are not compliant with organizational policies.
    • Added -IsManaged parameter to filter devices based on whether they are managed by a Mobile Device Management (MDM) solution.
    • Added -JoinType parameter to filter devices by join type: MicrosoftEntraJoined, MicrosoftEntraHybridJoined, or MicrosoftEntraRegistered.
  • Get-EntraServicePrincipal & Get-EntraBetaServicePrincipal:
    • Added -AssignmentRequired parameter to filter by whether user assignment is required to access the application. When set to $true, returns only service principals where user assignment is required. When set to $false, returns only service principals where user assignment is not required.
    • Added -ApplicationType parameter to filter by application type such as: AppProxyApps, EnterpriseApps, ManagedIdentity and MicrosoftApps.

• Bug Fixes:

  • Fixed an issue where Microsoft.Entra.Beta.Applications module was experiencing a parsing issue in PowerShell 5.1.