Microsoft Graph API using PowerShell

November 5, 2022  Azure AD, PowerShell

The Microsoft Graph API is a REST service that lets you read, modify and manage almost every aspect of Azure AD (and the wider Microsoft 365 platform) through a single endpoint, https://graph.microsoft.com.

In this article, I will explain how to call the Graph API from PowerShell: register an application, grant it permissions, obtain an access token with the client credentials flow, and use that token to read data.

To read from or write to a resource such as a user or an email message, you construct a request from the HTTP method, the API version, the resource path and any query parameters:

Sample Query

{HTTP method} https://graph.microsoft.com/{version}/{resource}?{query-parameters}

HTTP Method
GET – Read data from a resource
POST – Create a new resource
PATCH – Update a resource with new values (only the properties you send are changed)
PUT – Replace a resource with a new one
DELETE – Remove a resource

Version
Microsoft Graph currently supports two versions: v1.0 and beta. Use v1.0 for anything that has to keep working, because beta APIs can change or be removed without notice; the beta endpoint is useful for data that is not yet exposed in v1.0 (such as the Application Proxy connector example at the end of this article).

Resource
A resource is an object with a set of properties, for example a user, a group or a message. Each resource can require a different permission to access it, and you interact with it using the HTTP methods above.

Query Parameters
You can use optional OData system query options such as $select, $filter, $top and $orderby to include more or fewer properties than the default response, filter the result set, or limit the number of items returned per page.

Register Application in Azure AD

Login to Azure https://portal.azure.com > Azure Active Directory > App registrations
or
Login to Entra https://entra.microsoft.com > Identity > Applications > App registrations

Click New registration, enter the app name “PowershellApp” and click Register.
Open the application that was just created.

To provide Graph API permissions, go to the “API permissions” section of the created application.

By default, a new app registration only has the delegated User.Read permission, which lets it read the profile of the signed-in user.
Click Add a permission, then select Microsoft Graph.

There are two basic permission types in Microsoft Graph:
Delegated permission – the app acts on behalf of a signed-in user and can never do more than that user is allowed to do.
Application permission – the app acts as itself with no signed-in user, which is what an unattended script or daemon needs. Application permissions are tenant-wide, so Group.Read.All means every group in the tenant.

Select Application permissions and pick only the permissions your script actually requires (for the group example below, Group.Read.All is enough). Avoid broad permissions such as Directory.ReadWrite.All; a leaked secret for such an app hands an attacker the whole directory.

Click Grant admin consent. Application permissions always need admin consent before the token will carry them.

For the client credential flow to work, the app needs a credential. Go to “Certificates & secrets” and click New client secret.
Provide a description and set the expiry period; keep it as short as practical and record the expiry date, because the script will stop working on that day.


Copy the value immediately and save it in a secure location; it is shown only once. Azure Key Vault is the recommended option for storing it, and a certificate credential is preferable to a client secret for production automation, since the private key never has to be pasted into a script.

Get the Application (client) ID, the Directory (tenant) ID (or the tenant domain name) and the secret, and configure them in the PowerShell script as below (the values are placeholders):

$ApplicationID = "12341234-1234-1234-1234-123456789012"   # Application (client) ID
$TenantDomainName = "xxx.onmicrosoft.com"                 # tenant ID or domain name
$AccessSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"          # client secret value; never commit this

It’s time to select the grant type and scope. With the client credentials flow the scope is always https://graph.microsoft.com/.default, which requests every application permission that has been admin-consented for this app.

$Body = @{
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
    client_id     = $ApplicationID
    client_secret = $AccessSecret
}

Together, it’s time to get the access token from the v2.0 token endpoint using Invoke-RestMethod.

$ConnectGraph = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantDomainName/oauth2/v2.0/token" -Method POST -Body $Body

Now we have the token response. Run the commands below to inspect it and extract the access token: token_type should be Bearer, and expires_in tells you in seconds (normally about an hour) how long the token is valid, so a long-running script must request a new one before it expires.

$ConnectGraph
$token = $ConnectGraph.access_token

Below is the final call that accesses a resource using the Graph API. In this example we are retrieving group information.

$GraphGroupUrl = 'https://graph.microsoft.com/beta/groups/'
(Invoke-RestMethod -Headers @{Authorization = "Bearer $($token)"} -Uri $GraphGroupUrl -Method Get).value.displayName

Note that .value only contains the first page of results (100 groups by default). If the response has an @odata.nextLink property, request that URL with the same Authorization header to get the next page, and repeat until it is absent.

A few more examples:

My profile information https://graph.microsoft.com/v1.0/me (only works with a delegated token; with the client credentials flow there is no signed-in user, so /me fails and you must use /users/{id} instead)
All groups information https://graph.microsoft.com/v1.0/groups

You can also use the Graph API to read Azure AD configuration. The example query below returns the Azure AD Application Proxy connector server details (this resource is only available in the beta endpoint):

https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectors
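The whole flow from this article as one reusable script, added here as an example (it is not code from the original post): it prompts for the secret instead of hard-coding it, requests a client-credentials token, decodes the token payload to confirm which application permissions it actually carries, and follows @odata.nextLink with a retry on HTTP 429 so the group query returns every page rather than only the first 100. The tenant name, client ID and function names (Get-GraphToken, Get-JwtPayload, Invoke-GraphGet) are my own placeholders and must be replaced with your values.

```powershell
# Added example: end-to-end client-credentials call to Microsoft Graph from PowerShell.
# The placeholders below are assumptions; replace them with your own tenant and app values.
$TenantId = "xxx.onmicrosoft.com"                      # tenant ID or verified domain name
$ClientId = "12341234-1234-1234-1234-123456789012"     # Application (client) ID
$ClientSecret = Read-Host -Prompt "Client secret" -AsSecureString   # prompt instead of hard-coding

function Get-GraphToken {
    # Requests an app-only token (client credentials flow) from the v2.0 token endpoint.
    param(
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [securestring] $ClientSecret
    )
    $plainSecret = [System.Net.NetworkCredential]::new('', $ClientSecret).Password
    $body = @{
        grant_type    = 'client_credentials'
        scope         = 'https://graph.microsoft.com/.default'
        client_id     = $ClientId
        client_secret = $plainSecret
    }
    try {
        $response = Invoke-RestMethod -Method Post `
            -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
            -ContentType 'application/x-www-form-urlencoded' -Body $body
    }
    catch {
        throw "Token request failed: $($_.Exception.Message)"
    }
    # Tokens expire after expires_in seconds (about an hour); cache and reuse within that window.
    return $response.access_token
}

function Get-JwtPayload {
    # Decodes the middle (payload) segment of a JWT so the granted roles can be inspected.
    # This does NOT validate the signature; Graph does that server-side, we only read the claims.
    param([Parameter(Mandatory)] [string] $Token)
    $segment = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($segment.Length % 4) {     # restore the base64 padding that base64url strips
        2 { $segment += '==' }
        3 { $segment += '=' }
    }
    $json = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($segment))
    return $json | ConvertFrom-Json
}

function Invoke-GraphGet {
    # GETs a Graph resource and follows @odata.nextLink until every page has been collected.
    # Retries on HTTP 429 (throttling), honouring Retry-After where the header is readable.
    param(
        [Parameter(Mandatory)] [string] $Token,
        [Parameter(Mandatory)] [string] $Uri
    )
    $headers = @{ Authorization = "Bearer $Token" }
    $items = @()
    $next = $Uri
    while ($next) {
        try {
            $page = Invoke-RestMethod -Method Get -Headers $headers -Uri $next
        }
        catch {
            $status = $_.Exception.Response.StatusCode.value__
            if ($status -eq 429) {
                $wait = 5
                try {
                    $retryAfter = $_.Exception.Response.Headers['Retry-After']
                    if ($retryAfter) { $wait = [int]"$retryAfter" }
                } catch { }
                Start-Sleep -Seconds $wait
                continue
            }
            throw    # 401/403 usually mean a missing permission or missing admin consent
        }
        if ($page.PSObject.Properties['value']) { $items += $page.value }   # collection response
        else { $items += $page }                                            # single-object response
        $next = $page.'@odata.nextLink'
    }
    return $items
}

$token = Get-GraphToken -TenantId $TenantId -ClientId $ClientId -ClientSecret $ClientSecret

# Confirm the token carries the application permissions that were admin-consented.
$roles = (Get-JwtPayload -Token $token).roles
if (-not $roles) { throw "Token has no 'roles' claim: application permissions were not consented." }
"Granted application permissions: $($roles -join ', ')"

# Single quotes keep PowerShell from expanding $select/$filter/$top as variables.
$groupUri = 'https://graph.microsoft.com/v1.0/groups?$select=id,displayName&$filter=securityEnabled eq true&$top=50'
$groups = Invoke-GraphGet -Token $token -Uri $groupUri
"Security groups returned (all pages): $($groups.Count)"
$groups | Select-Object id, displayName | Format-Table

# Beta-only resource from the article: Application Proxy connectors.
$connectorUri = 'https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectors'
Invoke-GraphGet -Token $token -Uri $connectorUri | Select-Object machineName, status, externalIp
```

If the roles check throws, the token was issued but without any application permission, which is the usual symptom of forgetting Grant admin consent; Graph would answer the group query with 403 in that case. The Retry-After lookup is wrapped in its own try block because the header collection type differs between Windows PowerShell 5.1 and PowerShell 7, so the code falls back to a five-second wait rather than failing on one of them.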

I hope you found this article informative. Let me know in the comment box if you need to pull any other information using the Graph API.
