How can I get the RedirectUri value from the Azure AD application registration?
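Function GetAccessToken {
    <#
    .SYNOPSIS
    Acquires a Microsoft Graph access token through ADAL, either silently with a
    username and password or through an interactive sign-in window.

    .DESCRIPTION
    Loads the ADAL assemblies that ship inside the AzureAD PowerShell module, builds an
    AuthenticationContext for https://login.microsoftonline.com/common and requests a
    token for https://graph.microsoft.com.

    When both -Office365Username and -Office365Password are supplied, the token is
    requested without a prompt. That call does not take a redirect URI, so -RedirectUri
    is only required for the interactive path with a custom -ClientId.

    Security notes for callers:
      * The password arrives as a plain [string], so it is visible in the calling script,
        command history, transcripts and script-block logs. Keep it out of source files.
      * The username/password flow cannot answer an interactive MFA challenge, so it only
        works for accounts that can sign in with a password alone. Prefer the interactive
        path, or an app-only (certificate) identity for automation.
      * ADAL has been superseded by MSAL. Treat this function as legacy code.
      * The returned value is a bearer token. Do not log it or write it to disk.

    .PARAMETER ClientId
    Application (client) id of the Azure AD app registration. When empty, the well-known
    PowerShell client id and its out-of-band redirect URI are used.

    .PARAMETER RedirectUri
    Redirect URI registered on the app. Used only by the interactive sign-in path.

    .PARAMETER Office365Username
    User principal name for the non-interactive path.

    .PARAMETER Office365Password
    Plain-text password for the non-interactive path.

    .OUTPUTS
    System.String. The access token taken from the authentication result.
    #>
    param (
        [Parameter(Position=0, Mandatory=$false)]
        [string] $ClientId,
        [Parameter(Position=1, Mandatory=$false)]
        [string] $RedirectUri,
        [Parameter(Position=2, Mandatory=$false)]
        [string] $Office365Username,
        [Parameter(Position=3, Mandatory=$false)]
        [string] $Office365Password
    )

    # Locate ADAL (Microsoft.IdentityModel.Clients.ActiveDirectory.dll) inside the AzureAD module folder.
    try {
        $AADModule = Import-Module -Name AzureAD -ErrorAction Stop -PassThru
    }
    catch {
        throw 'The AzureAD PowerShell module not installed'
    }
    $adalPath = Join-Path $AADModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
    $adalformPath = Join-Path $AADModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
    [System.Reflection.Assembly]::LoadFrom($adalPath) | Out-Null
    [System.Reflection.Assembly]::LoadFrom($adalformPath) | Out-Null

    # The non-interactive path is chosen only when both username and password are present.
    $hasUsername = -not [string]::IsNullOrEmpty($Office365Username)
    $hasPassword = -not [string]::IsNullOrEmpty($Office365Password)
    $useCredentials = $hasUsername -and $hasPassword

    if ([string]::IsNullOrEmpty($ClientId)) {
        # No client id provided: fall back to the well-known, pre-registered
        # Azure AD client id of the PowerShell client and its redirect URI.
        $ClientId = "1950a258-227b-4e31-a9cf-717495945fc2"
        $RedirectUri = "urn:ietf:wg:oauth:2.0:oob"
    }
    elseif ((-not $useCredentials) -and [string]::IsNullOrEmpty($RedirectUri)) {
        # Only the interactive call below passes the redirect URI, so a custom client id
        # without one is rejected only when that path is going to be taken.
        throw "The RedirectUri not provided"
    }

    $resourceURI = "https://graph.microsoft.com"
    $authority = "https://login.microsoftonline.com/common"
    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

    if ($useCredentials) {
        # Acquire the token without user interaction.
        # NOTE(security): the plain-text password has already been exposed to the caller's
        # process by the time it is wrapped here. -AsPlainText -Force only satisfies the API.
        $SecurePassword = ConvertTo-SecureString -AsPlainText $Office365Password -Force
        # Build the Azure AD credentials object.
        $AADCredential = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential" -ArgumentList $Office365Username,$SecurePassword
        # Get the token without login prompts. No redirect URI is involved in this call.
        $authResult = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($authContext, $resourceURI, $ClientId, $AADCredential)
        $accessToken = $authResult.Result.AccessToken
    }
    else {
        # Get the token by prompting a login window. "Always" is passed as the prompt behaviour.
        $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Always"
        $authResult = $authContext.AcquireTokenAsync($resourceURI, $ClientId, $RedirectUri, $platformParameters)
        $accessToken = $authResult.Result.AccessToken
    }

    return $accessToken
}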
# Call GetAccessToken with its arguments gathered in a hashtable and splatted.
# The username and password below appear to be masked sample values. A real password
# written as a literal would be readable in the script file, console history and
# transcripts, so obtain it at run time from a protected source instead.
$tokenRequest = @{
    Office365Username = '******@domain.com'
    Office365Password = 'xxx111!!!'
    ClientId          = '14d82eec-204b-4c2f-b7e8-296a70dab67e'
    RedirectUri       = '...'
}
$accessToken = GetAccessToken @tokenRequest
I need this so that I can run the PowerShell command as the user account I listed under:
Enterprise Application > Microsoft Graph PowerShell | Users and groups
Thanks in advance.