Why is Get-MgContext not returning a tenant id or Account name?

Question

I'm trying to run an ms-identity sample app that calls a Microsoft Graph that is secured using Azure Active Directory. The sample is here:

https://github.com/Azure-Samples/ms-identity-python-webapp

When I run the app creation script, I ran into an error. I've been running the commands in the AppCreationScripts/Configure.ps1 script manually to track down where the error occurs.

I have no azureEnvironmentName so the value of $azureEnvironmentName in the script is set to "Global".

Then I connect via this command:

Connect-MgGraph -Scopes "User.Read.All Organization.Read.All Application.ReadWrite.All" -Environment $azureEnvironmentName

This works and I get the message "Connecting to Microsoft Graph" and "Welcome to Microsoft Graph!"

However, the script gets the context with

$context = Get-MgContext

and then tries to get the TenantId and Account from the context. However, the context returned from Get-MgContext doesn't have those. Here's what I see in powershell.

PS C:\Users\cbird\Documents\repos\ms-identity-python-webapp\AppCreationScripts> $context = Get-MgContext

PS C:\Users\cbird\Documents\repos\ms-identity-python-webapp\AppCreationScripts> $context

ClientId : 14d82eec-204b-4c2f-b7e8-296a70dab67e

TenantId :

CertificateThumbprint :

Scopes :

AuthType : Delegated

AuthProviderType : InteractiveAuthenticationProvider

CertificateName :

Account :

AppName :

ContextScope : CurrentUser

Certificate :

PSHostVersion : 5.1.22621.963

As you can see, there is no tenantid and no account.

The script also tries to call Get-MgOrganization and I get the following error:

PS C:\Users\cbird\Documents\repos\ms-identity-python-webapp\AppCreationScripts> $Tenant = Get-MgOrganization
Get-MgOrganization : Unable to find target address
At line:1 char:1
+ $Tenant = Get-MgOrganization
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ Top = , Skip ...ndProperty =  }:<>f__AnonymousType31`8) [Get-MgOrganization_List1], RestException`1
    + FullyQualifiedErrorId : InternalServerError,Microsoft.Graph.PowerShell.Cmdlets.GetMgOrganization_List1

I'd appreciate any help getting this sample script running so that I can figure out how to add Microsoft Identity to my own web app. I'm happy to provide any additional information that might be helpful.

If it helps, my azure subscription is tied to my personal Microsoft account and when the popup occurs for me to connect/log in to MS Graph, I use that personal account. It's not a work or school account.

Thank you!

Chris

Answer 1

Hi @Christian Bird ,

Thanks for reaching out. As per my understanding you are connecting to Graph using the azure subscription tied to your personal Microsoft account. But you are getting empty and error response from graph PS commands.

I tried to reproduce the scenario and i am getting expected results. Please find the below screen shots for reference.

1. Connect to the required environment using: Connect-MgGraph -Environment “Environment Name”. (Login with personal Microsoft credentials and consent it)
2. Use Get-MgContext to retrieve the details about current session.
3. Use Get-MgOrganization to get the organization details.

Documentation Reference: Using Microsoft Graph PowerShell authentication commands | Microsoft Learn

Seems like this issue is tenant/user specific. I would suggest you to report this by raising a support case with Microsoft, a dedicated Support Engineer will be able to assist you better. You can raise support ticket from [http://aad.portal.azure.com] or https://admin.microsoft.com/#/support/requests

Hope this helps.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".