To export the device local admin password using Microsoft Graph API using PowerShell, you can use the following steps:
- Install the Microsoft Graph PowerShell SDK.
- Connect to Microsoft Graph using the
Connect-MgGraph
cmdlet. - Get the device local credentials using the following query:
https://graph.microsoft.com/beta/deviceLocalCredentials/[deviceId]
Replace [deviceId]
with the ID of the device whose local admin password you want to export.
- Save the password to a file or variable.
The following PowerShell script demonstrates how to export the device local admin password for a device with the ID 12345678-90ab-cdef-0123-456789abcdef
:
Install the Microsoft Graph PowerShell SDK
Install-Module Microsoft.Graph
Connect to Microsoft Graph
Connect-MgGraph -ClientId <your_client_id> -TenantId <your_tenant_id>
Get the device local credentials
$credentialsResponse = Invoke-RestMethod -Uri "https://graph.microsoft.com/beta/deviceLocalCredentials/12345678-90ab-cdef-0123-456789abcdef"
Save the password to a file
$password = $credentialsResponse.password
Write-Host $password >> "C:\Temp\LocalAdminPassword.txt"
Note: The list device credentials
endpoint does not return the password in clear text. To get the password in clear text, you need to use the /beta
version of the Microsoft Graph API and the deviceLocalCredentials/[deviceId]
query endpoint.