Episode Details

(00:00:00) The Future of PowerShell Scripting
(00:00:24) The End of Modules
(00:00:41) REST API: The Better Alternative
(00:03:39) Token Acquisition Methods
(00:04:48) The Core REST Pattern
(00:05:34) Common Mistakes to Avoid
(00:06:23) Quick Wins with Graph
(00:07:20) Enterprise Demo 1: Intune Device Cleanup
(00:10:22) Enterprise Demo 2: Identity Onboarding
(00:13:16) Enterprise Demo 3: Compliance Drift Detection

If your PowerShell scripts still Import-Module MSOnline or AzureAD, they’re already legacy. And if you just thought “That’s not me,” this episode is exactly for you. The cloud moved on. Your modules didn’t. They break on Linux runners, containers, CI/CD. REST doesn’t. PowerShell isn’t dead — but the “old module era” is. We’re going API-first with Microsoft Graph, and in this session you’ll see the pattern and walk away with scripts that run anywhere. You’ll learn:

• The API-first, module-free PowerShell pattern for Microsoft Graph
• Three auth flows (device code, cert-based, Managed Identity) and when to use each
• Three enterprise demos: Intune cleanup, identity onboarding, and compliance drift remediation
• The stupidly simple Graph gotcha that breaks most scripts (and how to never hit it again)

If you’re still loading legacy modules in 2025, you’re basically heating the office with old Exchange servers. 🔥 Why PowerShell Without Modules Is the Future We start by ripping off the band-aid:

• Everything that matters is in Microsoft Graph now
  • Users, groups, devices, Intune, Teams, SharePoint, licenses, app regs, and more
  • The portal rides Graph. Your scripts should too.
• REST beats modules in 2025:
  • No module load times
  • No dependency roulette or weird version drift
  • No “works on my laptop” when your CI/CD runner is Linux
• Tokens beat credentials. Full stop.
  • OAuth2 + certificates or Managed Identity
  • Short-lived tokens, clean audit trails
  • No passwords in scripts, no sticky notes, no “who owns this account?” drama
• Cloud-native, cross-platform reality:
  • PowerShell Core works on Windows, Linux, containers, GitHub Actions, Functions
  • Graph is the constant behind all of them
  • Invoke-RestMethod + Graph works everywhere
• Why security and leadership like this:
  • Least-privilege scopes per job / app registration
  • Admin consent reviewed on schedule
  • Every call has request IDs & correlation IDs for audits
  • You don’t depend on a third-party module maintainer’s calendar

Key idea:
Modules lag. Graph is always first. If a feature exists, it lands in Graph before it shows up in a PowerShell module—if it ever does. 🧩 The Core Pattern: PowerShell + REST + Graph We walk through the one pattern you’ll reuse for everything: Token → Headers → REST call → Paging/Retry → Done 1. Get a Token (Three Real-World Flows)

• Device Code (local dev & testing)
  • Great for: interactive console dev
  • Flow: request code → browser prompt → token for https://graph.microsoft.com with scopes
  • Not for production (humans are flaky)
• Client Credentials + Certificate (headless automation)
  • For: CI/CD, scheduled jobs, back-end services
  • App registration with only required Graph app roles
  • JWT signed with cert → token for https://graph.microsoft.com/.default
  • No client secrets in scripts. Ever.
• Managed Identity (cloud-native, best option)
  • For: Azure Automation, Functions, VMs, containers in Azure
  • Call local identity endpoint → get Graph token
  • No secrets. No Key Vault lookups in the script. Just proper RBAC.

2. Build the Headers Simple but critical:

• Authorization: Bearer
• Content-Type: application/json for re