💡 Summary

Based on #1592 we are replacing the cmdlets contained in the MS Graph Powershell modules listed below with directly calls to their respective REST API endpoint for significant improvements.

• Microsoft.Graph.Applications
• Microsoft.Graph.Beta.Identity.DirectoryManagement
• Microsoft.Graph.Beta.DirectoryObjects

Motivation and context

The Entra Id provider is the slowest of the M365 services audited by ScubaGear and we are continuously improving its performance for a better user experience, faster automation (i.e. processes like GitHub actions run much faster) and increased productivity for the development (because we spend less time waiting for the provider to execute.

Implementation notes

Perform these actions for each of the three modules noted above

• Canvass the ExportAADProvider.psm1 file to determine which cmdlets from the modules above need to be replaced
• For each of the cmdlets identified determine its Graph REST URI (e.g. /beta/users/{id}) and modify $GraphEndpoints hashtable at the top of the file to include the cmdlet name and REST URI
• Replace the part of the code that calls each cmdlet with a call to our custom function Invoke-GraphDirectly instead
• Each of the cmdlets return an object. You will need to modify references to the return objects because the field names that come back from the REST endpoints are slightly different than the ones that the cmdlets use. In general you should hopefully just need to change the case of the starting letter of a field name from caps (e.g. D) to lower case (e.g. d). See separate comment below for screenshots.
• Modify the Rego rulesets that reference any of the affected field names. Those will also need to change from starting with upper case to starting with lower case.
• Modify the Rego unit tests
• Modify the Powershell unit tests (if there are any affected by these changes)
• Remove the Powershell modules from our installation dependencies list in RequiredVersions.ps1