With Microsoft retiring the MSOnline module, the PowerShell cmdlet Connect-MsolService is becoming a thing of the past. If you're still using it to connect to Azure AD for managing users, groups, and licenses, now’s the time to migrate to Connect-MgGraph—the modern, secure, and supported authentication method under the Microsoft Graph PowerShell SDK.
This article walks you through what you used to do with Connect-MsolService, how it compares with Connect-MgGraph, and what you need to know to make a smooth transition.
In the MSOnline module, the first step to running any administrative command was authenticating via:
Connect-MsolServiceThis would open a login prompt for your Microsoft 365 account, and once authenticated, you'd gain access to all MSOL cmdlets like Get-MsolUser, New-MsolGroup, and more.
It required no specific permissions to be declared at the time of connection, which made it simpler—but also less secure and flexible.
In the Microsoft Graph PowerShell SDK, you now authenticate using:
Connect-MgGraph -Scopes "User.Read.All"You must specify the scope of access (permissions) required for your session. This aligns with Microsoft’s modern security practices and improves visibility and control.
If you haven't already installed Microsoft Graph PowerShell, use the following command:
Install-Module Microsoft.Graph -Scope CurrentUserTip: Always run PowerShell as Administrator for module installations.
| Scope | Description |
| User.Read.All | Read all users in the directory |
| User.ReadWrite.All | Read and write user data |
| Group.Read.All | Read group data |
| Group.ReadWrite.All | Read and write group data |
Connect-MgGraph -Scopes "User.Read.All"
Connect-MgGraph -Scopes "User.ReadWrite.All"
Connect-MgGraph -Scopes "Group.Read.All"
Connect-MgGraph -Scopes "Group.ReadWrite.All"
You can also request multiple scopes at once:
Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All"| Old (Connect-MsolService) | New (Connect-MgGraph) |
| No permission scopes required | Requires declaring scopes (-Scopes) |
| Connects only to Azure AD/MSOL API | Connects to Microsoft Graph API |
| Static permission assignment | Dynamic, consent-based permission model |
| Deprecated and unsupported | Fully supported and actively maintained |
| No access token control | Modern auth with token-based access |
Connect-MgGraph is more than just a replacement for Connect-MsolService — it’s a leap forward in security, flexibility, and future-proofing your scripts. By explicitly declaring permissions and aligning with Microsoft Graph, you're embracing Microsoft's recommended best practices.
If you're managing Microsoft 365 today, it's no longer a question of if you'll switch — it's when. And that time is now.
© m365corner.com. All Rights Reserved. Design by HTML Codex