skip to Main Content

Install Microsoft Graph PowerShell module

Microsoft Graph PowerShell replaces the Azure AD PowerShell and MSOnline modules and is recommended for interacting with Azure AD. The Microsoft Graph PowerShell module is what you need to use when connecting to Azure AD. In this article, you will learn how to install Microsoft Graph PowerShell module.

Microsoft Graph PowerShell module

The Microsoft Graph PowerShell SDK provides the following benefits:

  • Access to all Microsoft Graph APIs: Microsoft Graph PowerShell is based on Microsoft Graph API. In addition to Azure AD, the Microsoft Graph API includes APIs from other Microsoft services like SharePoint, Exchange, and Outlook, all accessed through a single endpoint with a single access token.
  • Supports PowerShell 7: Microsoft Graph PowerShell works with PowerShell 7 and later. It’s also compatible with Windows PowerShell 5.1.
  • Cross-platform support: Microsoft Graph PowerShell works on all platforms including Windows, macOS, and Linux.
  • Supports modern authentication: Microsoft Graph PowerShell supports the Microsoft Authentication Library (MSAL) which offers more security. For example, you can use passwordless sign-in experiences.
  • Supports external identities: Users from other Azure AD tenants can authenticate to services in your tenant with Microsoft Graph PowerShell.
  • Uses least privilege: Microsoft Graph PowerShell permissions are not pre-authorized and users must perform one-time request for app permissions depending on their needs.
  • Advanced queries: Microsoft Graph PowerShell supports rich, advanced queries via eventual consistency. For example, you can get a near-instant count of all users using advanced queries.
  • Open source: Feature teams and the community can create great PowerShell experiences and share them with everyone.
  • Receives regular updates: Microsoft Graph PowerShell commands are updated regularly to support the latest Graph API updates.

Install Microsoft Graph PowerShell module

Before we can install Microsoft Graph PowerShell module, we need to set up the system.

Microsoft Graph PowerShell module prerequisites

The following prerequisites are required to use the Microsoft Graph PowerShell SDK with Windows PowerShell:

  • Upgrade to PowerShell 5.1 or later
  • Install .NET Framework 4.7.2 or later

Set Windows PowerShell Execution Policy

By default, we can’t install scripts. To require all PowerShell scripts that you download from the internet are signed by a trusted publisher, run PowerShell as administrator, and run the cmdlet. Press Y and press Enter.

PS C:\> Set-ExecutionPolicy RemoteSigned

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): Y

Important: Close and re-open the elevated Windows PowerShell window to have the changes apply.

Install PowerShellGet module

Run PowerShell as administrator. Run the command Install-Module PowershellGet -Force. When asked to install NuGet provider, press Y and follow with Enter.

PS C:\> Install-Module PowershellGet -Force

NuGet provider is required to continue
PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or
'C:\Users\administrator.EXOIP\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install
and import the NuGet provider now?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y

If you get an error that it’s unable to install, read the article Unable to install NuGet provider for PowerShell.

Install Microsoft Graph module

Install the Microsoft Graph module. Press Y and Enter.

PS C:\> Install-Module Microsoft.Graph -Force

It may take some time to download and install the Microsoft Graph PowerShell module. So give it a couple of minutes.

Connect to Microsoft Graph PowerShell

Connect to Microsoft Graph PowerShell using the module with or without MFA.

Note: We recommend to enable MFA (Multi-Factor Authentication) on the accounts.

Connect with your admin account to Microsoft Graph so you can access Azure Active Directory (Azure AD) resources. Run the Connect-MgGraph cmdlet.

PS C:\> Connect-MgGraph -Scopes 'User.Read.All'

In the sign-in window that opens, enter your password, and then click Sign in.

If MFA is enabled, a verification code is generated and delivered based on the verification response option that’s configured for your account. For example, a text message or the Azure Authenticator app on your mobile phone.

Install Microsoft Graph PowerShell module sign in

Enable the checkbox Consent on behalf of your organization. Click Accept.

Install Microsoft Graph PowerShell module permissions requested

After the verification succeeds, you will get back to the PowerShell window.

Get Microsoft Graph current session details

Download the Get-MgInfo.ps1 PowerShell script and save it in the C:\scripts folder.

Ensure the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.

Another option is to copy and paste the below code into Notepad. Give it the name Get-MgInfo.ps1 and place it in the C:\scripts folder.

$Details = Get-MgContext
$Scopes = $Details | Select-Object -ExpandProperty Scopes
$Scopes = $Scopes -Join ","
$ProfileName = (Get-MgProfile).Name
$OrgName = (Get-MgOrganization).DisplayName

Write-Host Tenant Id = $Details.TenantId
Write-Host Client Id = $Details.ClientId
Write-Host Org name = $OrgName
Write-Host App Name = $Details.AppName
Write-Host Account = $Details.Account
Write-Host Profile name = $ProfileName
Write-Host Scopes = $Scopes

Let’s retrieve the details about our current session. Adjust the path to the C:\scripts folder and run the Get-MgInfo.ps1 PowerShell script.

PS C:\> cd C:\scripts\
PS C:\scripts> .\Get-MgInfo.ps1

Tenant Id = 1d845768-c027-4321-abe5-02f619863465
Client Id = 16d83eec-204b-4c2f-b7e8-234a70dab27e
Org name = exoip365
App Name = Microsoft Graph PowerShell
Account = admin@exoip.com
Profile name = v1.0
Scopes = openid,profile,User.Read,email,User.Read.All

If you want to check that you have connected with Users Read All Permissions, an excellent way is to run Get-MgUser cmdlet and get a list of all the users.

PS C:\> Get-MgUser -All

Id                                   DisplayName          Mail                           UserPrincipalName              UserType
--                                   -----------          ----                           -----------------              --------
27e679fe-d17e-4786-adc1-1234bc87a847 Aaik Makisako        aaik.makisako@exoip.com        aaik.makisako@exoip.com
35498693-bf7a-4f84-bc66-3219a42effef Aalap Bilimoria      aalap.bilimoria@exoip.com      aalap.bilimoria@exoip.com
3d6152e6-dc9b-4239-9ebd-153008cd4927 Aalyah Marinelarena  aalyah.marinelarena@exoip.com  aalyah.marinelarena@exoip.com
8ecd0481-2e15-4e91-9755-c88d791c2945 Aanisah Serraino     aanisah.serraino@exoip.com     aanisah.serraino@exoip.com
3fad5d32-fcdd-455e-b576-083da0634967 Aarshee Hego         aarshee.hego@exoip.com         aarshee.hego@exoip.com
92918266-5da1-4da5-8cd5-78befeb0d37f Aarun Vesc           aarun.vesc@exoip.com           aarun.vesc@exoip.com
ae442be1-f7fe-499b-9312-e96ca547ded7 Aarzu Venaski        aarzu.venaski@exoip.com        aarzu.venaski@exoip.com

Disconnect Microsoft Graph

Disconnect the remote PowerShell session when you’re finished. If you close the Microsoft Graph PowerShell module window without disconnecting the session, you could use up all the remote PowerShell sessions available to you, and you’ll need to wait for the sessions to expire.

PS C:\> Disconnect-MgGraph


ClientId              : 16d83eec-204b-4c2f-b7e8-234a70dab27e
TenantId              : 1d845768-c027-4321-abe5-02f619863465
CertificateThumbprint :
Scopes                : {openid, profile, User.Read, email...}
AuthType              : Delegated
AuthProviderType      : InteractiveAuthenticationProvider
CertificateName       :
Account               : admin@exoip.com
AppName               : Microsoft Graph PowerShell
ContextScope          : CurrentUser
Certificate           :
PSHostVersion         : 5.1.17763.3770

Suppose you rerun the Disconnect-MgGraph cmdlet, you get the below output because you are already signed out.

PS C:\> Disconnect-MgGraph

Disconnect-MgGraph : No application to sign out from.
At line:1 char:1
+ Disconnect-MgGraph
+ ~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Disconnect-MgGraph], ArgumentException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.DisconnectMgGraph

Check Microsoft Graph PowerShell module version

Verify that the Microsoft Graph module is installed and which version is running.

PS C:\> Get-InstalledModule Microsoft.Graph | ft -AutoSize

Version Name            Repository Description
------- ----            ---------- -----------
1.19.0  Microsoft.Graph PSGallery  Microsoft Graph PowerShell module

Update Microsoft Graph Powershell module

Microsoft provides updates to the Microsoft Graph PowerShell module, and you should keep it up to date.

PS C:\> Update-Module Microsoft.Graph

That’s it!

Read more: Enable idle session timeout in Microsoft 365 »

Conclusion

You learned how to install Microsoft Graph PowerShell. Connect to Azure AD using the Microsoft Graph PowerShell module with or without MFA. After connecting to Microsoft Graph PowerShell, you can use the cmdlets. Remember to disconnect when you finish.

Did you enjoy this article? You may also like Disable remote PowerShell for non-admins. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *