Using Microsoft Graph PowerShell to create Script that is authenticated only by username & password ?

EnterpriseArchitect 5,376 Reputation points
2022-07-11T14:20:23.54+00:00

Hi All,

With the deprecated Powershell methods:

https://learn.microsoft.com/en-us/powershell/module/msonline/set-msoluserlicense?view=azureadps-1.0
https://learn.microsoft.com/en-us/powershell/module/azuread/set-azureaduserlicense?view=azureadps-2.0

What's the best solution to allow me to create a single Powershell script that can be used by all of my technicians authenticated by Username & Password only?
Each of the Technicians will be granted a User Access Administrator role.

Thank you so much for your attention and participation.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,011 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,717 questions
{count} vote

Accepted answer
  1. 2022-07-11T22:55:43.783+00:00

    Hello @EnterpriseArchitect , in order to allow users to assign licenses trough PowerShell you can leverage the Set-MgUserLicense cmdlet. Users do not need to belong to an administrative role. Just ensure to use an access token with the User.ReadWrite.All scope and previously, to grant admin wide consent using the Connect-MgGraph cmdlet.

    Here is an example:

       Get-MsalToken -ClientId <CLIENT ID. EG:  14d82eec-204b-4c2f-b7e8-296a70dab67e for 'Microsoft Graph PowerShell'> -Scope "User.ReadWrite.All" -TenantId <TENANT ID>  
    
    Script content (Requires MSAL.PS):
       $AccessToken=(Get-MsalToken -ClientId <SAME CLIENT ID AS BEFORE> -Scope "User.ReadWrite.All" -TenantId <TENANT ID>).AccessToken  
       Connect-MgGraph -AccessToken $AccessToken  
       Set-MgUserLicense -UserId '<TARGET USER ID>' -AddLicenses @{SkuId = <SKU ID>} -RemoveLicenses @()  
    

    As a security measure you can restrict access to the used client enterprise application to selected users.

    Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it and complete the quality survey so that others in the community with similar questions can more easily find a rated solution.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.