The first step in any use of the Graph SDK is to connect to the Graph using the Connect-MgGraph<\/em> cmdlet. When you run Connect-MgGraph<\/em> to connect to the Graph, it\u2019s wise to specify the identifier of the tenant to which you want to connect.<\/p>\n\n\n\n Connect-MgGraph -TenantId “828e1143-88e3-492b-bf82-24c4a47ada63”<\/p>\n\n\n\n If you don\u2019t specify a tenant, Connect-MgGraph<\/em> will choose the last tenant you signed into during a session (which might not be the one you want to connect to). I discovered this when I connected to the Graph and discovered that the data used belonged to my development tenant. I noticed then, but it\u2019s possible that someone might miss this elsewhere, so make it a habit to connect with the tenant identifier.<\/p>\n\n\n\n A session lasts until you run Disconnect-MgGraph<\/em> (see below) and can be reinitiated multiple times over days by running Connect-MgGraph<\/em>. Behind the scenes, the Graph SDK keeps an encrypted token cache and will refresh the token as needed to allow you to work with Graph commands.<\/p>\n\n\n\n As people begin executing Graph SDK commands using the interactive client, they will need consent for the permissions needed to run the commands. For example, to use the Get-MgUser<\/em> cmdlet to retrieve a set of Azure AD accounts, a user needs permission to read directory information, so they might request the permissions using the Scope<\/em> parameter when making the connect as follows:<\/p>\n\n\n\n $RequiredScopes<\/strong> = @(“Directory.AccessAsUser.All”, “Directory.ReadWrite.All”)<\/p>\n\n\n\n Connect-MgGraph -Scopes $RequiredScopes<\/strong><\/p>\n\n\n\n To check that you\u2019re connected to the right tenant with the right profile and permissions, we can extract information about the tenant with the Get-MgOrganization<\/em> cmdlet, the current connection with the Get-MgContext<\/em> cmdlet, and the profile used with the Get-MgProfile<\/em> cmdlet and display some useful information:<\/p>\n\n\n\n $Details<\/strong> = Get-MgContext<\/p>\n\n\n\n $Scopes<\/strong> = $Details<\/strong> | Select -ExpandProperty Scopes<\/p>\n\n\n\n $Scopes<\/strong> = $Scopes<\/strong> -Join “, “<\/p>\n\n\n\n $OrgName<\/strong> = (Get-MgOrganization).DisplayName<\/p>\n\n\n\n CLS<\/p>\n\n\n\n Write-Host “Microsoft Graph Connection Information”<\/p>\n\n\n\n Write-Host “————————————–“<\/p>\n\n\n\n Write-Host ” “<\/p>\n\n\n\n Write-Host (“Connected to Tenant {0} ({1}) as account {2}” -f $Details<\/strong>.TenantId, $OrgName<\/strong>, $Details<\/strong>.Account)<\/p>\n\n\n\n Write-Host “+——————————————————————————————————————-+”<\/p>\n\n\n\n Write-Host (“Profile set as {0}. The following permission scope is defined: {1}” -f $ProfileName<\/strong>, $Scopes<\/strong>)<\/p>\n\n\n\n Write-Host “”<\/p>\n<\/blockquote>\n<\/div><\/div>\n\n\n\n When you\u2019re finished interacting with the Graph, remember to close off the session by running Disconnect-MgGraph <\/em>to sign the session out from the Graph.<\/em> Disconnecting the session removes the encrypted token cache and prevents a session from being reinitialized.<\/p>\n\n\n\n Disconnect-MgGraph<\/p>\n\n\n\n Posted from: https:\/\/practical365.com\/connect-microsoft-graph-powershell-sdk\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Connecting to the Graph SDK The first step in any use of the Graph SDK is to connect to the Graph using the Connect-MgGraph cmdlet. When you run Connect-MgGraph to connect to the Graph, it\u2019s wise to specify the identifier of the tenant to which you want to connect. Connect-MgGraph -TenantId “828e1143-88e3-492b-bf82-24c4a47ada63” If you don\u2019t specify a tenant, Connect-MgGraph will choose… Read More »Microsoft Graph & PowerShell SDK<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":13408,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[384,20],"tags":[],"class_list":["post-13337","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computer-science","category-script"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/roglacup.com\/klaus62\/wp-json\/wp\/v2\/posts\/13337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/roglacup.com\/klaus62\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/roglacup.com\/klaus62\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/roglacup.com\/klaus62\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/roglacup.com\/klaus62\/wp-json\/wp\/v2\/comments?post=13337"}],"version-history":[{"count":2,"href":"https:\/\/roglacup.com\/klaus62\/wp-json\/wp\/v2\/posts\/13337\/revisions"}],"predecessor-version":[{"id":13409,"href":"https:\/\/roglacup.com\/klaus62\/wp-json\/wp\/v2\/posts\/13337\/revisions\/13409"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/roglacup.com\/klaus62\/wp-json\/wp\/v2\/media\/13408"}],"wp:attachment":[{"href":"https:\/\/roglacup.com\/klaus62\/wp-json\/wp\/v2\/media?parent=13337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/roglacup.com\/klaus62\/wp-json\/wp\/v2\/categories?post=13337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/roglacup.com\/klaus62\/wp-json\/wp\/v2\/tags?post=13337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Gathering New Permissions<\/h2>\n\n\n\n
Reporting Your Connection<\/h2>\n\n\n\n
\n
Disconnect When You\u2019re Done<\/h2>\n\n\n\n