Will Francillette

What is the PowerShell Microsoft Graph SDK

Updated: Mar 7


Microsoft Graph SDK

The PowerShell Graph SDK is a PowerShell module that simplifies querying the Microsoft Graph API. It translates the different available queries into cmdlets.


The module is open source and developed by Microsoft and the community. It (will) replace(s) modules such as Azure AD or MS Online to manage Azure AD and is scoped to encompass Microsoft's ecosystem, such as Intune, Power Platform, Teams and much more.


The Graph API comes in 2 versions, v1.0 and beta. v1.0 is supposed to be the production/stable version and beta the development version; however, this is not really the case: the beta API is used by Microsoft in portals like Intune and also in released versions of identity governance features such as Entitlement Management and Access packages, for example. (From my own testing, v1.0 for Access packages was less stable than beta.)

Update 22/12/2022:

The Graph SDK module v2.0 has just been released in preview

The module has been split into 2 separate modules: Graph and GraphBeta. You don't need to switch between the 2 versions using Select-MgProfile. For example, you will find Get-MgUser or Get-MgBetaUser. These new modules come with improved security and performance.


For more info check: Microsoft Graph PowerShell v2 is now in public preview, half the size, and will speed up your automations - Microsoft 365 Developer Blog


What would you use the Microsoft Graph SDK for?

Use cases are just infinite! The module can be used as a single command, as a script, or for configuration-as-code and DevOps. It simply allows you to manage your Microsoft 365 and Azure AD environment from the command line.

  • It helps make bulk changes or repeat processes.

  • It helps free up time for sysadmins.

  • It helps deploy consistent and more secure infrastructure.

  • It helps MSPs and consulting firms deploy blueprints.

  • It helps software developers integrate their apps with Azure AD and Microsoft 365.

  • and more, more and more


Simplified Graph access


As mentioned earlier, this module simplifies querying the Graph API. Let's take the connection as an example. If you were to use the API without the SDK, you would need to:


1- Register an Azure AD application

App registration

2- Assign permissions


Graph Permission

3- Acquire an Azure AD access token


# This code gets the app-context token and saves it to a file named
# "Latest-token.txt" under the current directory.
# Paste your Tenant ID, App ID and App Secret (App key) below.

$tenantId = ''   # Paste your tenant ID here
$appId = ''      # Paste your Application ID here
$appSecret = ''  # Paste your Application secret here

# Token endpoint of your tenant (OAuth 2.0 client credentials flow)
$oAuthUri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"

# Invoke-RestMethod form-encodes a hashtable body, so the scope is given unencoded
$authBody = [ordered]@{
    scope         = 'https://graph.microsoft.com/.default'
    client_id     = "$appId"
    client_secret = "$appSecret"
    grant_type    = 'client_credentials'
}
$authResponse = Invoke-RestMethod `
    -Method Post `
    -Uri $oAuthUri `
    -Body $authBody `
    -ErrorAction Stop
$token = $authResponse.access_token

# The file now holds a bearer credential: anyone who can read it can call Graph as this app
Out-File -FilePath "./Latest-token.txt" -InputObject $token
return $token

4- Run your query referencing this token


And I won't mention here other aspects, like managing pagination.


With the SDK, you simply need to use the Connect-MgGraph cmdlet and you're ready to query the API. The module takes care of all the steps mentioned above and uses the built-in Microsoft Graph application.


Most queries have their dedicated cmdlets such as Get-MgUser -All to return a list of all users in a tenant or Get-MgUser -UserId to return a specific user.

  • You don't need to build a JSON body; you use the available parameters instead.

  • You don't need to manage pagination, as the cmdlet can return all results using the -All parameter.

  • You can still use your OData filters using the -Expand parameter.

  • If the cmdlet is not available, use Invoke-MgGraphRequest and pass it the rest of the parameters, such as URI, method and body.
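
Step 4 and the pagination mentioned above, written out as an added example that is not part of the original post: a loop that follows Graph's @odata.nextLink with the bearer token, which is the work Get-MgUser -All takes over. The function name Get-GraphPaged, its -Fetch parameter and the sample pages are hypothetical and constructed for illustration, and the host check assumes the global graph.microsoft.com endpoint.

```powershell
# Added example, not code from the original post.
function Get-GraphPaged {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $Token,
        # Hypothetical seam so the loop can be exercised without a tenant
        [scriptblock] $Fetch = {
            param($u, $h)
            Invoke-RestMethod -Method Get -Uri $u -Headers $h -ErrorAction Stop
        }
    )
    $headers = @{ Authorization = "Bearer $Token" }
    $next = $Uri
    while ($next) {
        # Assumption: global Graph endpoint. Never forward the bearer token
        # to a host other than the Graph service itself.
        if (([uri]$next).Host -ne 'graph.microsoft.com') {
            throw "Refusing to send the token to '$next'"
        }
        $page = & $Fetch $next $headers
        $page.value                       # emit this page's items
        $next = $page.'@odata.nextLink'   # absent on the last page, ends the loop
    }
}

# Constructed two-page response standing in for the service (no network needed)
$first = 'https://graph.microsoft.com/v1.0/users?$top=2'
$second = 'https://graph.microsoft.com/v1.0/users?$skiptoken=constructed'
$fakePages = @{
    $first  = @{
        value             = @(@{ displayName = 'User A' }, @{ displayName = 'User B' })
        '@odata.nextLink' = $second
    }
    $second = @{ value = @(@{ displayName = 'User C' }) }
}
$users = Get-GraphPaged -Uri $first -Token 'constructed-token' `
    -Fetch { param($u, $h) $fakePages[$u] }
$users.displayName

# With the SDK the same listing needs no token handling or paging loop:
#   Connect-MgGraph -Scopes 'User.Read.All'
#   Get-MgUser -All
```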


To get started, run

Install-Module Microsoft.Graph -Scope CurrentUser

Or if you have admin privileges

Install-Module Microsoft.Graph

The next blog post will be on Graph authentication and scopes.

Stay tuned!


1 Comment


mhsekr
Dec 22, 2022

useful one, thanks !
