Blog Post

Microsoft Entra Blog
4 MIN READ

Azure AD: Change Management Simplified

ShobhitSahay's avatar
ShobhitSahay
Icon for Microsoft rankMicrosoft
Mar 01, 2022
Editor's Note: This is not the blog you are looking for... You're probably not looking for feature information from 2022, are you?  Here are a few links that might be more aligned with your needs: ...
ChangeCommsTimeline.png
Updated May 12, 2025
Version 5.0
Product Announcements
ShobhitSahay's avatar
Icon for Microsoft rankMicrosoft
Joined October 17, 2018
View Profile
Microsoft Entra Blog
Stay informed on how to secure access for employees, customers, and non-human identities, from anywhere, to multicloud and on-premises resources, with comprehensive identity and network access solutions powered by AI.
ChrisAtMaf's avatar
ChrisAtMaf
Iron Contributor
Mar 09, 2022

As mentioned before, it's quite frustrating that the automation interfaces for Azure and Microsoft 365 are in a constant state of flux. As something to bear in mind, system administrators are not developers. We don't expect API calls etc to change every 5 minutes. In the past, Windows tools such as cmd.exe, VBScript and other automation instances have worked across all versions of Windows, with backwards compatibility a priority. When it comes to Microsoft 365 / Azure, we've been through four incomplete iterations:

  • The MSOnline module, which is *still* required for stable access to MFA (support under Microsoft Graph is still in beta - I'm sorry, but having used beta endpoints in the past, they are subject to change at any point, so there's no point investing time in updating scripts until they are released to general availability.)
  • The AzureAD module, which is buggy and often doesn't seem to support pipelining properly (try piping things into Get-AzureADUser, for example).
  • The AzureAD module cmdlets which are identical to existing ones but use MS Graph (e.g. Get-AzureADMSGroup) and are necessary to get all functionality
  • Now the plethora of MS Graph modules

Why do we have to keep updating our scripts to keep existing functionality working? Why can't you improve and evolve rather than continuously trying to reinvent the wheel?

We all know that it would be possible (although a fair amount of work) to ensure backwards compatibility for these modules - keep the modules the same, but update the back end to use Microsoft Graph. In the past this would have been Microsoft's approach (read Raymond Chen's 'The Old New Thing' for how much work Microsoft used to put in to avoid these kinds of issues in previous Windows releases). Not ensuring backwards compatibility is one of the mistakes that led to the huge backlash for products like Microsoft Vista. Indeed it seems that the Windows team still understand this - when will Microsoft's cloud services teams learn? By all means progress with new technologies like Microsoft Graph - but don't forget the backwards compatibility religion. It's why many of us continue to choose Microsoft products - but if that benefit is taken away, why should we remain?