Interact with Azure AD without using Online Service Sign-In assistant


Q. How can I interact with Azure AD from PowerShell without having to install the Online Services Sign-In assistant?

A. For the full set of Azure AD management capabilities via PowerShell, you need to install the Microsoft Online Services Sign-In Assistant for IT Professionals and the Azure Active Directory module, which is documented at If you do not want to, or cannot, install the Sign-In Assistant, another option is to create a session to the Office PowerShell environment, which exposes MOST of the Office functionality but not the full set of Azure AD features. To use this approach, use:

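$MyCredentials = Get-Credential
# Placeholder: set to the Office remote PowerShell endpoint URI
$ConnectionUri = "<connection URI>"
# Basic authentication sends the credential with the request, so the URI must be HTTPS
$OffSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $ConnectionUri `
    -Credential $MyCredentials -Authentication Basic -AllowRedirection
Import-PSSession $OffSession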

For full Azure AD functionality without using the online sign-in assistant, the Graph API can be used, which is like LDAP for Azure AD. While you can interact directly with the Graph API from PowerShell, since it's a REST API (I covered this at there is also a PowerShell module that provides a thin wrapper for the Graph API, which makes it much easier to use. This can be downloaded from which also contains instructions for how to use it, and a good blog is available at provides a list of REST operations available for user operations via the Graph API. Below is an example usage to reset a password. Note that you need the credential of the account that will make the change, and then the user whose password will be changed.

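# Account that makes the change (sample values; avoid storing real passwords in scripts)
$user = "[email protected]"
$userpass = "Password5"
$APIVersion = "1.5"
$AppIdURI = ""
# Placeholder: the Azure AD tenant domain
$AzureADDomain = "<tenant domain>"
# User whose password will be reset, and the new password
$usertochange = "[email protected]"
$NewPassword = "NewPa55word"

# Set up connection object to pass into Invoke-AzureADMethod
$ADConnection = @{"Username"=$user;"AzureADDomain"=$AzureADDomain;"Password"=$userpass;"APPIdURI"=$AppIdURI;"APIVersion"=$APIVersion}
$URI = "$AzureADDomain/users/$usertochange"
# JSON body for the PATCH request; the closing "@ must start at the beginning of its line
$body = @"
{
    "passwordProfile": {
        "password": "$NewPassword",
        "forceChangePasswordNextLogin": false
    }
}
"@

$UserUpdate = Invoke-AzureADMethod -URI $URI -Connection $ADConnection -Body $body -Method PATCH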
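
The request body above is built by interpolating $NewPassword into JSON text, which yields invalid JSON as soon as the password contains a double quote or a backslash. The following added example (not part of the original article; the function names are hypothetical and the passwords are constructed samples) compares that approach with building the body from a hashtable and ConvertTo-Json, and runs offline.

```powershell
function New-PasswordBodyInterpolated {
    param([string]$NewPassword)
    # Same approach as the article: the value is pasted into JSON text unescaped.
    return @"
{
    "passwordProfile": {
        "password": "$NewPassword",
        "forceChangePasswordNextLogin": false
    }
}
"@
}

function New-PasswordBodySerialized {
    param([string]$NewPassword)
    # Build the object first; ConvertTo-Json escapes quotes and backslashes.
    $payload = @{
        passwordProfile = @{
            password                     = $NewPassword
            forceChangePasswordNextLogin = $false
        }
    }
    return ($payload | ConvertTo-Json -Depth 3)
}

function Test-JsonRoundTrip {
    param([string]$Json, [string]$Expected)
    # True only if the text parses and the parsed password equals the input.
    try {
        $parsed = $Json | ConvertFrom-Json -ErrorAction Stop
        return ($parsed.passwordProfile.password -ceq $Expected)
    } catch {
        return $false
    }
}

# Constructed sample passwords, not real credentials.
$samples = 'NewPa55word', 'Pa"ss\word1', 'Winter2015\'

foreach ($pw in $samples) {
    [pscustomobject]@{
        Password     = $pw
        Interpolated = Test-JsonRoundTrip (New-PasswordBodyInterpolated $pw) $pw
        Serialized   = Test-JsonRoundTrip (New-PasswordBodySerialized $pw) $pw
    }
}
```

The string returned by New-PasswordBodySerialized can be passed as -Body in place of the here-string.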

