Share via

Empower your automation with Microsoft Graph PowerShell | Quick Guide

  • Article

Overview

Microsoft Graph is a RESTful API that enables developers to interact with data from various Microsoft services such as Office 365, OneDrive, Azure Active Directory, and more. PowerShell is a command-line shell and scripting language that is used to automate tasks and manage configurations.
To interact with Microsoft Graph using PowerShell, you can use the Microsoft Graph PowerShell module. The module provides cmdlets that allow you to easily manage resources such as users, groups, and files.

Packaging

Microsoft Graph PowerShell is packaged as the Microsoft.Graph module in PowerShell gallery as the root module, with multiple child modules. Microsoft.Graph acts as a container for the other modules.

Microsoft.Graph.Authentication is the core module, which contains the following components:

Connect-MgGraph: to sign in to Microsoft Graph
Invoke-MgGraphRequest: to issue REST API requests for the Microsoft Graph API
Commands to switch between beta and V1.0 versions of the SDK
Commands to discover permissions and API-specific Graph commands in other modules

Commands are named like {Verb}-Mg {Resource} (a Graph API resource) for example, user,group, and application. For example, in the command Get-MgUser, get is the verb and user the resource.

Installation

To get started, you'll need to install the Microsoft Graph PowerShell module by running the following command in PowerShell:

Installing the main module of the SDK, Microsoft.Graph, will install all the 38 sub modules. Consider installing only the necessary modules, including Microsoft.Graph.Authentication, which is installed by default when you opt to install the sub modules individually. For a list of available Microsoft Graph modules, use Find-Module Microsoft.Graph*. Only cmdlets for the installed modules will be available for use.

Install-Module -Name Microsoft.Graph

Sign in Connect-MgGraph

Microsoft Graph PowerShell supports two types of authentication: delegated and app-only access.
In delegated access, the -Scopes parameter is optional, only needed if you don't have consent. For example, if you don't have consent for User.Read.All and you need it, specify it with the -Scopes parameter. Next time you use Connect-MgGraph, you won't need to specify the User.Read.All scope.

Once installed, you can connect to Microsoft Graph using the following cmdlet:

Connect-MgGraph -Scopes "User.Read.All","Group.Read.All"

This cmdlet will prompt you to log in to your Microsoft account and grant the necessary permissions to the application.
After connecting, you can use the various cmdlets provided by the module to manage resources in Microsoft Graph. For example, to get information about all the users in your organization, you can use the following command:

<span style="font-size: 12.1px;">Get-MgUser</span><br>

 

Using Find-MgGraphCommand

Find-MgGraphCommand -Command 'Get-MgUser'

Using Find-MgGraphPermission

Find-MgGraphPermission helps you find what permissions are applicable to a certain domain. You'll use permissions to sign in to your application using the Connect-MgGraph.

Find-MgGraphPermission user.read

Using Select-MgProfile

By default, the Microsoft Graph PowerShell commands target the v1.0 API versi vilable in beta aren't available in PowerShell by default.
To check your current profile, run:

Get-MgProfile

To change to the beta version, use Select-MgProfile.

Select-MgProfile -Name Beta

Conclusion

Overall, using the Microsoft Graph PowerShell module can greatly simplify the process of interacting with data from various Microsoft services, making it a powerful tool for automation and management.