Microsoft has just released Microsoft Entra PowerShell v1.2.0 (announced on January 15, 2026), marking one of the most significant updates to date for automating identity and access management in Microsoft Entra ID (formerly Azure AD). This version brings full production-ready support for Agent Identity Blueprints, enhanced application configuration, and modernized B2B invitation APIs aligned with the latest Microsoft Graph models.
If you’re managing Microsoft Entra environments—especially for secure multi-tenant apps, agent-based automation, or B2B collaboration—this release makes life much easier with powerful new cmdlets and improvements.
Why This Release Matters
Agent Identities enable autonomous, secure automation scenarios (like AI agents or background services) without relying on user accounts. The new blueprint system lets you define, provision, and manage these identities end-to-end directly from PowerShell—complete with secrets, permissions, redirect URIs, and token acquisition.This is particularly valuable for:Building secure, multi-tenant applicationsAutomating identity lifecycle managementStreamlining application-to-application authorizationEnhancing B2B collaboration workflows.
Key New Features and Cmdlets
The highlight is a complete set of cmdlets for Agent Identity Blueprint management, plus upgrades to existing functionality.
Agent Identity Blueprint Cmdlets (Beta Module)
These cmdlets allow full automation of Agent Identities:New-EntraBetaAgentIdentityBlueprint — Creates a new blueprint, sets sponsors/owners, provisions the Service Principal, assigns permissions, and returns metadata.
Add-EntraBetaClientSecretToAgentIdentityBlueprint — Adds a secure 90-day client secret with built-in retry logic for reliability.
Add-EntraBetaInheritablePermissionsToAgentIdentityBlueprint — Configures inheritable Microsoft Graph permissions (delegated/app scopes) and can trigger admin consent flows.
Add-EntraBetaScopeToAgentIdentityBlueprint — Adds OAuth2 permission scopes with display names, descriptions, and identifier URIs.
Add-EntraBetaRedirectURIToAgentIdentityBlueprint — Adds web redirect URIs for authentication callbacks.
New-EntraBetaAgentIdForAgentIdentityBlueprint — Provisions Agent Identities using stored blueprint credentials.
New-EntraBetaAgentIdUserForAgentId — Creates parented users under an Agent Identity with auto-generated mailNickname and UPN.
Get-EntraBetaAgentIdentityToken — Acquires access tokens for AutonomousApp, AutonomousUser, or On-Behalf-Of (OBO) flows.
Invoke-EntraBetaAgentIdInteractive — Interactive 7-phase wizard for end-to-end setup (great for first-timers or complex configs).
Enhanced Application Managemen
Set-EntraBetaApplication now includes the -PreAuthorizedApplications parameter. This lets you configure pre-authorized clients and their delegated scopes directly—no more manual Graph API tweaks!
Updated B2B Invitation Cmdlets
Invitation APIs are now fully aligned with modern Microsoft Graph Beta models:
New-EntraBetaInvitation and New-EntraInvitation use updated parameter types (e.g., InvitedUser and InvitedUserMessageInfo now reference the latest Graph models) for better type safety and consistency.
No major breaking changes are noted, though scripts using older invitation parameter types may need minor adjustments.
How to Install or Upgrade
Install the specific version from the PowerShell Gallery (use -Force and -AllowClobber to overwrite if needed):
For the stable (GA) module:
Install-Module -Name Microsoft.Entra -RequiredVersion 1.2.0 -Repository PSGallery -Force -AllowClobber
For the beta module (recommended for new Agent Identity features):
Install-Module -Name Microsoft.Entra.Beta -RequiredVersion 1.2.0 -Repository PSGallery -Force -AllowClobber
After installation, connect with Connect-Entra and start exploring!
Final Thoughts
This update strengthens Microsoft Entra PowerShell as the go-to tool for modern identity automation—especially with the shift away from legacy Azure AD modules. The Agent Identity support is a game-changer for secure, unattended operations in cloud environments.For full details, check the official announcement: Announcing Microsoft Entra PowerShell v1.2.0Have you started using Agent Identities yet? Drop a comment or reach out if you’d like sample scripts for your VMware/cloud setups—this pairs nicely with hybrid identity scenarios!Stay tuned for more Entra + PowerShell tips on vmorecloud.com
