Getting failure with Connect-MgGraph.

Question

Getting failure with Connect-MgGraph.

Anil Kumar Saripadi 40

Get-MgApplication_List: Line | 5 | $appList = Get-MgApplication -All | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Authentication needed. Please call Connect-MgGraph.

Vasil Michev 119.5K Reputation points MVP Volunteer Moderator

2025-05-23T06:51:25.2433333+00:00

As the error message suggests, you need to connect to the Graph first. Use the Connect-MgGraph cmdlet and provide the credentials for a user with sufficient privileges to run the Get-MgApplication cmdlet.
Anil Kumar Saripadi 40 Reputation points

2025-05-23T12:40:02.44+00:00

Hi Vasil,

Can we connect to check deeply into the issue because I really don't understand what are you referring

Thanks,

Anil
Moosa Khan 595 Reputation points Microsoft External Staff Moderator

2025-05-23T20:35:59.79+00:00

Hello Anil,

Let's connect offline and discuss this in more detail. I've sent you a private message—please take a moment to respond to it when you can.
Anil Kumar Saripadi 40 Reputation points

2025-05-27T20:08:15.4633333+00:00

Connect-MgGraph -Identity -Scopes "Application.Read.All"

# Get all app registrations

$appList = Get-MgApplication -All

# Create an array to collect results

$results = @()

foreach ($app in $appList) {

    foreach ($secret in $app.PasswordCredentials) {

        $daysToExpire = ($secret.EndDateTime - (Get-Date)).Days

        # Only include secrets that are already expired or expiring in < 30 days

        if ($daysToExpire -lt 30) {

            $results += [PSCustomObject]@{

                AppDisplayName = $app.DisplayName

                AppId          = $app.AppId

                SecretStart    = $secret.StartDateTime

                SecretEnd      = $secret.EndDateTime

                DaysToExpire   = $daysToExpire

                Status         = if ($daysToExpire -lt 0) { "Expired" } else { "Expiring Soon" }

            }

        }

    }

}

# Display only relevant secrets

$results | Sort-Object DaysToExpire | Format-Table -AutoSize

Write-Host "$results"
SrideviM 5,630 Reputation points Microsoft External Staff Moderator

2025-05-30T05:25:19.6833333+00:00

Hello Anil Kumar Saripadi,

Sorry for the delayed response. I’ve got your case. Let me review the details and get back to you. In the meantime, could you confirm whether you granted Application.Read.All API permission to managed identity service principal or not? What version of Microsoft Graph PowerShell module you currently using in your automation account?

Accepted answer

0 additional answers

Your answer

Vasil Michev 119.5K Reputation points MVP Volunteer Moderator

2025-05-23T06:51:25.2433333+00:00

As the error message suggests, you need to connect to the Graph first. Use the Connect-MgGraph cmdlet and provide the credentials for a user with sufficient privileges to run the Get-MgApplication cmdlet.
Anil Kumar Saripadi 40 Reputation points

2025-05-23T12:40:02.44+00:00

Hi Vasil,

Can we connect to check deeply into the issue because I really don't understand what are you referring

Thanks,

Anil
Moosa Khan 595 Reputation points Microsoft External Staff Moderator

2025-05-23T20:35:59.79+00:00

Hello Anil,

Let's connect offline and discuss this in more detail. I've sent you a private message—please take a moment to respond to it when you can.
Anil Kumar Saripadi 40 Reputation points

2025-05-27T20:08:15.4633333+00:00

Connect-MgGraph -Identity -Scopes "Application.Read.All"

# Get all app registrations

$appList = Get-MgApplication -All

# Create an array to collect results

$results = @()

foreach ($app in $appList) {

foreach ($secret in $app.PasswordCredentials) {

$daysToExpire = ($secret.EndDateTime - (Get-Date)).Days

# Only include secrets that are already expired or expiring in < 30 days

if ($daysToExpire -lt 30) {

$results += [PSCustomObject]@{

AppDisplayName = $app.DisplayName

AppId = $app.AppId

SecretStart = $secret.StartDateTime

SecretEnd = $secret.EndDateTime

DaysToExpire = $daysToExpire

Status = if ($daysToExpire -lt 0) { "Expired" } else { "Expiring Soon" }

}

}

}

}

# Display only relevant secrets

$results | Sort-Object DaysToExpire | Format-Table -AutoSize

Write-Host "$results"
SrideviM 5,630 Reputation points Microsoft External Staff Moderator

2025-05-30T05:25:19.6833333+00:00

Hello Anil Kumar Saripadi,

Sorry for the delayed response. I’ve got your case. Let me review the details and get back to you. In the meantime, could you confirm whether you granted Application.Read.All API permission to managed identity service principal or not? What version of Microsoft Graph PowerShell module you currently using in your automation account?

Answer 1

Hello Anil Kumar Saripadi,

I understand you are getting the "Authentication needed. Please call Connect-MgGraph" error when connecting to Microsoft Graph in your Azure Automation runbook using Connect-MgGraph -Identity.

This is a known issue that arises when using newer versions of the Microsoft Graph PowerShell modules with PowerShell 7.2.

To resolve this, remove the existing Microsoft Graph modules and install version 2.25.0 as a workaround.

You can run the following PowerShell commands in Azure Cloud Shell to install version 2.25.0:

# Import Microsoft.Graph.Authentication module

$moduleName = 'Microsoft.Graph.Authentication'
$moduleVersion = '2.25.0'
New-AzAutomationModule -AutomationAccountName 'autaccname' -ResourceGroupName 'rgname' -Name $moduleName -ContentLinkUri "https://www.powershellgallery.com/api/v2/package/$moduleName/$moduleVersion" -RuntimeVersion '7.2'

# Import Microsoft.Graph.Applications module

$moduleName = 'Microsoft.Graph.Applications'
$moduleVersion = '2.25.0'
New-AzAutomationModule -AutomationAccountName 'autaccname' -ResourceGroupName 'rgname' -Name $moduleName -ContentLinkUri "https://www.powershellgallery.com/api/v2/package/$moduleName/$moduleVersion" -RuntimeVersion '7.2'

Wait until both modules show Available in the portal before testing your runbook.

User's image

Also, make sure the Automation account’s managed identity has the Application.Read.All application permission with admin consent.

User's image

After that, you can run the following script to retrieve expired or soon-to-expire app secrets:

Connect-MgGraph -Identity
$appList = Get-MgApplication -All
$results = @()

foreach ($app in $appList) {
    foreach ($secret in $app.PasswordCredentials) {
        $daysToExpire = ($secret.EndDateTime - (Get-Date)).Days
        if ($daysToExpire -lt 30) {
            $results += [PSCustomObject]@{
                AppDisplayName = $app.DisplayName
                AppId          = $app.AppId
                SecretStart    = $secret.StartDateTime
                SecretEnd      = $secret.EndDateTime
                DaysToExpire   = $daysToExpire
                Status         = if ($daysToExpire -lt 0) { "Expired" } else { "Expiring Soon" }
            }
        }
    }
}

$results | Sort-Object DaysToExpire | Format-Table -AutoSize

User's image

For more details on this issue, refer this related thread that I previously answered: Invalid JWT access token – Microsoft Q&A

Hope this helps!

If this answers your query, do click Accept Answer and Yes for was this answer helpful, which may help members with similar questions.

User's image

If you have any other questions or are still experiencing issues, feel free to ask in the "comments" section, and I'd be happy to help.

Share via

Getting failure with Connect-MgGraph.

0 additional answers

Your answer