MS Graph & PowerShell

Based on MS Training - Introduction to Microsoft Graph PowerShell
and MS Training - Manage Windows updates for cloud-connected devices by using the Microsoft Graph PowerShell SDK.


Objectives

  • Understanding of the MS Graph PowerShell SDK

  • Overview of the types of processes that MS Graph PowerShell can automate

  • Application scenarios on Azure AD and MS 365

    • Add new users
    • Remove access from previous users
    • Update user info
    • Reset passwords
    • Manage access to resources by assigning roles to users
    • ...

What is Microsoft Graph PowerShell?

  • SDK (Software Development Kit) for access to the MS Graph REST API
  • Acts as an API wrapper for REST queries
  • PowerShell (meta)-module - Microsoft.Graph
    • Container for other modules
  • Core module - Microsoft.Graph.Authentication
    • Sign in: Connect-MgGraph
    • REST queries via: Invoke-MgGraphRequest
    • Switch version (v1.0 and beta)
    • Permissions

Command Structure

{Verb}-Mg{Resource}
  • Verb ... typical PS Verbs (Add, Clear, Copy, Get, Set, New, Remove, ...)
  • Mg ... Microsoft Graph
  • Resource ... Graph resources (User, Group, Team, Mail, ...)

MS Graph PowerShell - Features

  • Access to all Microsoft Graph APIs (single endpoint and access token):
    • Azure AD,
    • SharePoint,
    • Exchange,
    • Outlook, ...
  • PowerShell 5.1 and 7 (cross platform)
  • Authentication via Microsoft Authentication Library (MSAL)
  • Least privilege:
    • permissions are NOT pre-authorized
    • users must perform a one-time request for different app permissions
  • "Advanced queries" via eventual consistency (?)
  • Open source
  • Regular updates

Installation

⚠️ Installing the main module installs all 38 sub-modules. Consider installing only the modules you need!

  • Recommended to use PowerShell 7, but 5.1 works too
  • Detailed Information: Learn MS - Install Graph PoSh
    • Execution Policy
    • Install / Update / Uninstall

# list modules for individual installation
Find-Module Microsoft.Graph*

# install a specific module
Install-Module Microsoft.Graph.Groups 

# install all modules ("globally" on device)
Install-Module Microsoft.Graph

# install all modules (for current user)
Install-Module Microsoft.Graph -Scope CurrentUser

Connect-MgGraph - Sign In

  • Two types of authentication:
    • delegated (user)
    • app-only access (requires admin consent)
  • The optional -Scopes parameter is used to request consent
    • only needed once (consent is stored)

# Info about Graph connection command - extra parameters!
Get-Help Connect-MgGraph

# connect and get consent for user read all
Connect-MgGraph -Scopes "User.Read.All"

# disconnect
Disconnect-MgGraph
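
Because consent is stored, a session can carry scopes granted in earlier sign-ins in addition to the ones requested now. The following added example (not part of the original notes or of the MS training) compares the scopes on a session with what a script needs; `Get-ExcessGraphScope` is a hypothetical helper, the read-only pattern is a heuristic, and the sample scope list is constructed.

```powershell
# Added example, not from the original notes. Get-ExcessGraphScope is a
# hypothetical helper and the sample scope list is constructed.
function Get-ExcessGraphScope {
    [CmdletBinding()]
    param(
        # Scopes the script actually needs
        [Parameter(Mandatory)] [string[]] $Required,
        # Scopes on the session, e.g. (Get-MgContext).Scopes
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $Granted
    )
    # Sign-in scopes added by the identity platform; not Graph data access
    $signIn = 'openid', 'profile', 'email', 'offline_access'
    $excess = @($Granted | Where-Object { $_ -notin $Required -and $_ -notin $signIn })
    [pscustomobject]@{
        Missing     = @($Required | Where-Object { $_ -notin $Granted })
        Excess      = $excess
        # Heuristic (assumption): names without a plain .Read / .ReadBasic
        # segment, such as *.ReadWrite.All, are treated as write-capable
        NotReadOnly = @($excess | Where-Object { $_ -notmatch '\.Read(Basic)?(\.|$)' })
    }
}

# Constructed sample: the script only reads users, but earlier consents
# left broader scopes on the session.
$required = @('User.Read.All')
$sample   = @('openid', 'profile', 'User.Read.All', 'Group.ReadWrite.All', 'Mail.Read')
Get-ExcessGraphScope -Required $required -Granted $sample

# Live check: runs only if the SDK is installed and a session exists
if (Get-Command Get-MgContext -ErrorAction SilentlyContinue) {
    $ctx = Get-MgContext
    if ($ctx) {
        $live   = @($ctx.Scopes | Where-Object { $_ })
        $report = Get-ExcessGraphScope -Required $required -Granted $live
        if ($report.Missing)     { Write-Warning "Missing: $($report.Missing -join ', ')" }
        if ($report.NotReadOnly) { Write-Warning "Beyond read-only: $($report.NotReadOnly -join ', ')" }
    }
}
```

Run the live check right after `Connect-MgGraph` and before any write cmdlet, so a script that is meant to be read-only stops being trusted with a session that can do more.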

Selection of Commands

See MS Training Graph PS Intro...

Invoke-MgGraphRequest

  • use it when a default command does not exist
  • allows any kind of REST API request

$users = (Invoke-MgGraphRequest -Method GET https://graph.microsoft.com/v1.0/users).value

Authentication

See MS Training - Authentication Cmdlets