- Microsoft Graph: A single (PowerShell) API for Microsoft’s cloud services - Tue, Aug 23 2022
- Exchange impersonation: Grant permissions to service accounts - Mon, Aug 8 2022
- Send Microsoft Teams meeting invitations in multiple languages - Thu, Jul 21 2022
For historical reasons, each product (Exchange, OneDrive, SharePoint, etc.) had its own API, which will continue to coexist with Graph for the foreseeable future. However, some new services, such as the Update for Business Deployment Service, can only be addressed via Graph from the start.
Consolidation of APIs ^
A consistent interface makes it easier for developers to keep track of the extensive API and its various cmdlets. This also applies to the results of queries, for example, on users or groups where the respective APIs deliver different results. This inconsistency stems from the fact that these properties have been stored differently depending on the product.
An urgent topic is the deactivation of basic authentication on October 1, 2022, in Microsoft 365, which will affect several Exchange protocols, as well as the backup or archiving of Teams messages and chats, among other things. Instead, Microsoft recommends using Graph in scripts.
Graph Explorer ^
MS Graph does not have an admin portal like Exchange Online or Teams, since it is primarily addressed programmatically. However, it can still be accessed on the web at http://graph.microsoft.com.
Graph Explorer offers some help with Sample queries in the left menu.
There are currently two versions of endpoints that can be addressed: V1.0 and Beta.
Version 1.0 is intended for productive use. Microsoft releases new functions in beta, which should then appear in the next release.
Note that not all APIs are enabled by default. Microsoft reserves the right to unlock protected APIs only after approval of a request, and processing can take about two weeks.
Authentication of Microsoft Graph ^
Graph is authenticated using a security token (JSON Web Token). Since Graph Explorer is already an app, the administrator only has to log in there, and the security token will automatically be generated. However, in a PowerShell session, you first have to generate the token yourself and embed it in the script.
Access Graph using PowerShell ^
In addition to Graph Explorer, Microsoft Graph has its own module for PowerShell. This can be installed as follows:
Install-Module -Name Microsoft.Graph
Get-Command -Module Microsoft.Graph -CommandType Function
shows how powerful this API is, with 39 submodules and over 8000 functions.
To connect to the Graph API, it is not enough to simply call the respective connect cmdlet, as is the case with the other M365 or Azure modules. Rather, you must first declare a scope that defines the permissions for access.
$Scope=@('User.Read.All','User.ReadWrite.All') Connect-MgGraph -Scopes $Scope
Alternatively, you can access the REST API directly using Invoke-WebRequest or Invoke-RestMethod.
With Graph, Microsoft is developing a comprehensive interface for its online services. It is more consistent than the historically grown APIs of the various products and services. It also supports modern forms of authentication.
Subscribe to 4sysops newsletter!
The interface can be accessed via various programming languages, and a module with numerous functions and cmdlets exists for PowerShell.