Microsoft Graph is an API for accessing data in various Microsoft services, including Azure Active Directory, Teams, and OneDrive. If you want to use it in PowerShell, you only need a single module instead of one for each cloud service. In scripts, it eliminates the need for separate authentication for each service.

For historical reasons, each product (Exchange, OneDrive, SharePoint, etc.) had its own API, which will continue to coexist with Graph for the foreseeable future. However, some new services, such as the Update for Business Deployment Service, can only be addressed via Graph from the start.

Consolidation of APIs ^

A consistent interface makes it easier for developers to keep track of the extensive API and its various cmdlets. This also applies to the results of queries, for example, on users or groups where the respective APIs deliver different results. This inconsistency stems from the fact that these properties have been stored differently depending on the product.

An urgent topic is the deactivation of basic authentication on October 1, 2022, in Microsoft 365, which will affect several Exchange protocols, as well as the backup or archiving of Teams messages and chats, among other things. Instead, Microsoft recommends using Graph in scripts.

Graph Explorer ^

MS Graph does not have an admin portal like Exchange Online or Teams, since it is primarily addressed programmatically. However, it can still be accessed on the web at http://graph.microsoft.com.

The Microsoft Graph home page

The Microsoft Graph home page

If you want to familiarize yourself with this technology, you should first start with Graph Explorer. This allows simple queries to be carried out. Later, you can integrate the commands in programming languages such as C#, JavaScript, Java, GO, and PowerShell.

In Graph Explorer, you can take your first steps with the API

In Graph Explorer, you can take your first steps with the API

Graph Explorer offers some help with Sample queries in the left menu.

There are currently two versions of endpoints that can be addressed: V1.0 and Beta.

In Graph Explorer, you can switch between version 1.0 and Beta

In Graph Explorer, you can switch between version 1.0 and Beta

Version 1.0 is intended for productive use. Microsoft releases new functions in beta, which should then appear in the next release.

Note that not all APIs are enabled by default. Microsoft reserves the right to unlock protected APIs only after approval of a request, and processing can take about two weeks.

Authentication of Microsoft Graph ^

Graph is authenticated using a security token (JSON Web Token). Since Graph Explorer is already an app, the administrator only has to log in there, and the security token will automatically be generated. However, in a PowerShell session, you first have to generate the token yourself and embed it in the script.

You can view the access token in Graph Explorer

You can view the access token in Graph Explorer

Access Graph using PowerShell ^

In addition to Graph Explorer, Microsoft Graph has its own module for PowerShell. This can be installed as follows:

Install-Module -Name Microsoft.Graph

The command

Get-Command -Module Microsoft.Graph -CommandType Function

shows how powerful this API is, with 39 submodules and over 8000 functions.

The module for Microsoft Graph includes a variety of cmdlets and functions

The module for Microsoft Graph includes a variety of cmdlets and functions

To connect to the Graph API, it is not enough to simply call the respective connect cmdlet, as is the case with the other M365 or Azure modules. Rather, you must first declare a scope that defines the permissions for access.

$Scope=@('User.Read.All','User.ReadWrite.All')
Connect-MgGraph -Scopes $Scope

Alternatively, you can access the REST API directly using Invoke-WebRequest or Invoke-RestMethod.

Conclusion ^

With Graph, Microsoft is developing a comprehensive interface for its online services. It is more consistent than the historically grown APIs of the various products and services. It also supports modern forms of authentication.

Subscribe to 4sysops newsletter!

The interface can be accessed via various programming languages, and a module with numerous functions and cmdlets exists for PowerShell.

avatar
0 Comments

Leave a reply

Your email address will not be published.

*

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account