by Lou Goban
IT Application Professional at Syntax

How to connect to MS Graph API in PowerShell

The first step is to log on to the Azure portal > Azure AD > App registrations and click New registration.

Azure AD App registrations

The next step is to configure the API permissions you need (Add a permission) and, if needed, grant admin consent.

A client application gains access to a resource server by declaring permission requests. Two types are available:

  • “Delegated” permissions, which specify scope-based access using delegated authorization from the signed-in resource owner, are presented to the resource at run-time as “scp” claims in the client’s access token.
  • “Application” permissions, which specify role-based access using the client application’s credentials/identity, are presented to the resource at run-time as “roles” claims in the client’s access token.
Azure AD API permissions

The next step is to create a client secret.

Azure AD Certificates & secrets

Now the script to connect to the MS Graph API and get the token.

# Application (client) ID and tenant domain from the app registration
$ApplicationID = "APPLICATION (client) ID"
$TenantDomainName = "TENANT.onmicrosoft.com"
$AccessSecret = Read-Host "Enter Secret"

# Client credentials grant; .default requests the application permissions consented for the app
$Body = @{
	Grant_Type    = "client_credentials"
	Scope         = "https://graph.microsoft.com/.default"
	client_Id     = $ApplicationID
	Client_Secret = $AccessSecret
}

$ConnectGraph = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantDomainName/oauth2/v2.0/token" `
-Method POST -Body $Body

$token = $ConnectGraph.access_token

if ($null -eq $token) {
	Write-Host "Failed to get a token from MS Graph API" -ForegroundColor Red
}
else {
	Write-Host "Connected to MS Graph API" -ForegroundColor Green
}
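
To confirm which permissions the token actually carries (the "roles" and "scp" claims described above), the payload can be decoded and compared with what the script is supposed to hold. This is an added example, not part of the original post; the function names, the $expected list and the sample token are constructed for illustration. In real use, pass $token from the script above to Get-AccessTokenClaims.

```powershell
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function ConvertFrom-Base64Url([string]$Value) {
    # JWT segments use the URL-safe alphabet and drop '=' padding; restore both.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        1 { throw "Invalid base64url segment length" }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-AccessTokenClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a compact JWT (expected 3 segments, got $($parts.Count))" }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    # Inspection only: the signature is not verified here, so do not base
    # authorization decisions on this output.
    [pscustomobject]@{
        Audience  = $claims.aud
        Roles     = @($claims.roles | Where-Object { $_ })                # application permissions
        Scopes    = if ($claims.scp) { $claims.scp -split ' ' } else { @() } # delegated permissions
        ExpiresAt = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
    }
}

# Constructed sample token (unsigned, fake signature segment) so the example runs offline.
$payload = @{
    aud   = 'https://graph.microsoft.com'
    roles = @('User.Read.All', 'Group.Read.All')
    exp   = 1893456000
} | ConvertTo-Json -Compress
$sample = @((ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'), (ConvertTo-Base64Url $payload), 'constructed') -join '.'

# Permissions this script is meant to hold (assumption for the example).
$expected = @('User.Read.All')

$claims = Get-AccessTokenClaims $sample
$extra  = $claims.Roles | Where-Object { $_ -notin $expected }
if ($extra) {
    Write-Warning "Token carries more application permissions than expected: $($extra -join ', ')"
}
$claims | Format-List
```

A client credentials token should show its permissions under Roles and leave Scopes empty; anything listed in the warning is a candidate for removal from the app registration.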
