Table of Contents
Microsoft Graph PowerShell replaces the Entra ID PowerShell and MSOnline modules. Therefore, we suggest you to use MS Graph PowerShell SDK to connect with Entra ID. In this article, you will learn how to install Microsoft Graph PowerShell module.
Prerequisites Microsoft Graph PowerShell
Before you can install Microsoft Graph PowerShell module, you need to set up the system. The following prerequisites are required to use the Microsoft Graph PowerShell SDK with Windows PowerShell:
- Upgrade to PowerShell 5.1 or later.
- Install .NET Framework 4.7.2 or later.
However, there are no additional prerequisites to use the Microsoft Graph PowerShell SDK if you install PowerShell 7 on Windows. Therefore, it is recommended to use PowerShell 7 or later with Microsoft Graph PowerShell SDK on all platforms.
Install Microsoft Graph PowerShell SDK
The Microsoft Graph PowerShell SDK consist of two modules. Follow the below steps to install Microsoft Graph module and Microsoft Graph Beta module on PowerShell.
1️⃣ Right click on the Windows Start icon then select Windows PowerShell Admin (On Windows 11, select Terminal Admin).
2️⃣ Copy then run all below commands at once:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Install-PackageProvider -Name NuGet -Force
Install-Module PowerShellGet -Force
Set-PSRepository -Name "PSGallery" -InstallationPolicy TrustedInstall-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -ForceInstallation commands explanation:
- By default, we can’t install scripts. To require all PowerShell scripts that you download from the internet are signed by a trusted publisher, you need to Set-ExecutionPolicy.
- Install NuGet provider.
- Install PowerShellGet module.
- Install Microsoft Graph module. Install the Microsoft Graph Beta module. Add the parameters -AllowClobber and -Force to prevent conflicts when upgrading from other module versions. This may be the case when upgrading from v1.x to v2.x.
3️⃣ Verify you installed the Microsoft Graph module. Use the below PowerShell cmdlet to check Microsoft Graph PowerShell module version.
Get-InstalledModule | ? {($_.Name -eq 'Microsoft.Graph') -or ($_.Name -eq 'Microsoft.Graph.Beta')}
Version Name Repository Description
------- ---- ---------- -----------
2.6.1 Microsoft.Graph PSGallery Microsoft Graph PowerShell module
2.6.1 Microsoft.Graph.Beta PSGallery Microsoft Graph PowerShell moduleAlternatively, we’ve created a PowerShell script to install all Microsoft 365 PowerShell modules automatically. You can install using a simple command:
irm bonguides.com/pw | iex
Connect to Microsoft Graph PowerShell
You can connect to Microsoft Graph PowerShell with or without MFA. For this example, we will show you how to connect with interactive mode.
1️⃣ Run the PowerShell cmdlet with the below scopes.
Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"2️⃣ The sign-in window opens.
- Enter your admin account and password.
- Click Sign in.
If you have MFA enabled, you will get a verification code sent as a text message or to your Authentication app on your phone. If your MFA is disabled, you will not do anything here.
3️⃣ It shows the permissions you allow Microsoft Graph to use.
- Select Consent on behalf of your organization
- Click Accept
4️⃣ After the verification, you can go back to your PowerShell window.
PS C:\> Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"
Welcome To Microsoft Graph!Read more: There are other methods to Connect to Microsoft Graph PowerShell without authentication, like self-signed certificate or client secret.
5️⃣ To verify you connected with the correct permissions, use Get-MgUser cmdlet. Or you can use the Get-MgContext cmdlet to get more details about the current session.
PS C:\> Get-MgUser -All | select DisplayName, UserPrincipalName
DisplayName UserPrincipalName
----------- -----------------
Conf Room Adams [email protected]
Adele Vance [email protected]
MOD Administrator [email protected]
Alex Wilber [email protected]
...PS C:\> Get-MgContext
ClientId : 14d82eec-204b-4c2f-b7e8-296a70dab67e
TenantId : c032627b-6715-4e39-9990-bcf48ee5e0c5
CertificateThumbprint :
Scopes : {Application.ReadWrite.All, Directory.Read.All, openid...}
AuthType : Delegated
AuthProviderType : InteractiveAuthenticationProvider
CertificateName :
Account : [email protected]
AppName : Microsoft Graph Command Line Tools
ContextScope : CurrentUser
Certificate :
PSHostVersion : 5.1.22621.1778Run the below cmdlet to use the Microsoft Graph Beta.
Get-MgBetaUser -AllDisconnect Microsoft Graph PowerShell
Always disconnect the remote PowerShell session when you finish, to avoid waiting for older sessions to expire. Disconnect the remote PowerShell session once you finish with the below cmdlet.
PS C:\> Disconnect-MgGraph
ClientId : 14d82eec-204b-4c2f-b7e8-296a70dab67e
TenantId : c032627b-6715-4e39-9990-bcf48ee5e0c5
Scopes : {Group.ReadWrite.All, openid, profile, User.ReadWrite.All...}
AuthType : Delegated
TokenCredentialType : InteractiveBrowser
CertificateThumbprint :
CertificateSubjectName :
Account : [email protected]
AppName : Microsoft Graph Command Line Tools
ContextScope : CurrentUser
Certificate :
PSHostVersion : 5.1.19041.3031
ManagedIdentityId :
ClientSecret :
Environment : GlobalYou can check you disconnected correctly, if you run the above cmdlet again. The below output shows there is no application to sign out from, because you already disconnected Microsoft Graph.
PS C:\> Disconnect-MgGraph
Disconnect-MgGraph : No application to sign out from.
At line:1 char:1
+ Disconnect-MgGraph
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Disconnect-MgGraph], ArgumentException
+ FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.DisconnectMgGraphUninstall Microsoft Graph PowerShell module
To uninstall all the Microsoft Graph PowerShell modules, including the beta version, run the below commands.
Uninstall-Module Microsoft.Graph -AllowPrerelease -AllVersions
Uninstall-Module Microsoft.Graph.Beta -AllowPrerelease -AllVersions
Get-InstalledModule Microsoft.Graph.* | ForEach-Object{
if($_.Name -ne "Microsoft.Graph.Authentication"){
Uninstall-Module $_.Name -AllowPrerelease -AllVersions
}
}
Uninstall-Module Microsoft.Graph.Authentication -AllowPrerelease -AllVersionsYou can get the error: No match was found. The error looks like the example shown below, but it is not a problem. It means that the specified Microsoft Graph module is already removed. Proceed with the other commands.
PackageManagement\Uninstall-Package : No match was found for the specified search criteria and module names 'Microsoft.Graph'.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\2.2.5\PSModule.psm1:12733 char:21
+ ... $null = PackageManagement\Uninstall-Package @PSBoundParameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Microsoft.Power...ninstallPackage:UninstallPackage) [Uninstall-Package], Exception
+ FullyQualifiedErrorId : NoMatchFound,Microsoft.PowerShell.PackageManagement.Cmdlets.UninstallPackageFinding Microsoft Graph Scopes
Finding the right scope can be a bit challenging at the beginning. But there are two good sources that you can use to determine which scopes you will need to specify:
- Microsoft Graph Explorer: https://developer.microsoft.com/en-us/graph/graph-explorer
- Microsoft Graph Rest API Reference: https://docs.microsoft.com/en-us/graph/api/overview
Microsoft Graph Explorer
The Microsoft Graph Explorer is a great tool to test out API calls to Microsoft Graph. It comes with a lot of examples calls to help you get started. But it will also list the required permission for the call.
Open the Graph Explorer | Select an Sample Query on the left side | Click Modify Permissions tab.
Microsoft Graph Rest API Reference
The other option is to use the Rest API Reference. You can select in the left menu one of the entities that you want to work with and then view the required permissions. You don’t need to add all scope, they are listed from least to most privileged.
An example, we find the scope to get OneDrive for Business for users.
Frequently Asked Questions (FAQ)
Click on Start and search for the PowerShell app. On the right side, click on Run as administrator. Or you can right-click the PowerShell icon and select Run as administrator. This way, you can run PowerShell commands without restrictions.
Installing Microsoft Graph PowerShell provides access to Entra ID and MSOnline modules. Since Azure Active Directory Graph is deprecated, it’s required to install Microsoft Graph PowerShell. Microsoft Graph is also more secure and resilient than Entra ID Graph.
To connect to Microsoft Graph PowerShell, you don’t need MFA enabled. The cmdlet Connect-MgGraph works for accounts with or without MFA. However, we recommend enabling MFA to protect your organization and have strong security.
It’s best to install the necessary modules including Microsoft.Graph.Authentication which is installed by default. If you using an older MS Graph module, you should update it to the latest module using the cmdlet Update-Module Microsoft.Graph.
We recommend installing the Microsoft.Graph.Beta module to use commands that are not yet available in the Microsoft Graph module v2.x. Otherwise, you can’t run these commands and you will get the error: No match was found.
Conclusion
You learned how to install Microsoft Graph PowerShell module and update to the latest version. It is recommended to install the Microsoft Graph Beta module to use the cmdlets that are not yet available in the latest version v2. Connect to Microsoft Graph PowerShell with or without MFA to use the new cmdlets. Always remember to disconnect when you finish.
Not a reader? Watch this related video tutorial:
