More permissions on Graph Explorer than on Powershell

Matija Kupresanin 21 Reputation points Microsoft Intern
2022-11-25T10:02:14.807+00:00

When using Graph Explorer I am able to GET all groups in my organization, as well as GET all the role assignments. I, however, cannot do the same when using Powershell for the same purpose, as it says I have insufficient permissions. This seems inconsistent to me and I was wondering if I can anyhow accomplish the same level of privilege on Powershell.
When I check the permissions needed in Graph Explorer, all the permissions I have consented to are marked as AllPrincipal, if that makes my problem clearer?

Thanks in advance.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,591 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,470 questions
0 comments
Accepted answer
  1. Vasil Michev 95,341 Reputation points MVP
    2022-11-25T10:58:08.58+00:00

    "AllPrincipal" means someone have granted admin consent, thus all users within your organization can use all the consented permissions for Graph Explorer. The Graph module for PowerShell is a separate app, thus has its own set of permissions, and likely no admin consent was granted, so you're seeing what your user permissions allow. You can use the Get-MgContext cmdlet to get a list of all permissions you currently have been granted against PowerShell: 

    Get-MgContext | select -ExpandProperty Scopes
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest