This article aims to elucidate the process of installing, verifying, updating, and uninstalling the Microsoft Graph PowerShell Modules. The Microsoft Graph PowerShell Modules are a collection of cmdlets optimized for managing Microsoft Graph data.
Microsoft Graph is an API (Application programming interface) that provides a single endpoint for accessing data, intelligence, and insights from Microsoft 365 and other Microsoft Cloud services. It provides a single endpoint, https://graph.microsoft.com
, that enables access to various data and insights in the Microsoft cloud, including Microsoft 365, Windows, and Enterprise Mobility + Security.
Many of my readers would have already used Graph Explorer to do the Microsoft Graph API calls. Graph Explorer is a handy browser-based tool for running your Graph calls; it doesn’t need any module or set-up file to be installed on your local machine. Installing the Microsoft Graph PowerShell SDK is necessary to automate Microsoft Graph tasks using PowerShell.
Following the steps outlined in this guide will enable users to seamlessly integrate these modules into their systems, allowing for efficient and effective data management. By adhering to proper syntax, avoiding contractions, and ensuring the clarity and conciseness of the text, users can confidently facilitate the installation, verification, updating, and uninstallation of the Microsoft Graph PowerShell Modules.
Prerequisites for Installing Microsoft Graph PowerShell SDK
Microsoft has published the Microsoft Graph PowerShell SDK on the PowerShell Gallery. The SDK includes two modules, Microsoft. Graph and Microsoft.Graph.Beta are respectively called the Microsoft Graph REST API v1.0 and Microsoft Graph REST API beta. Cmdlets are available for the installed module.
To install the Microsoft Graph PowerShell SDK, your PowerShell version should be at least 5.1 or later. However, Microsoft recommends having PowerShell 7 or later. As per Microsoft, no additional prerequisites are required to use the SDK with PowerShell 7 or later.
- Best Guide to Restart Intune Devices Remotely using Microsoft Graph API and PowerShell
- Intune Policy Assignment Classification Easy Secrets of using Graph API with PowerShell
- Manage Intune Tasks with PowerShell Part 1
- Managing Windows Bitlocker Compliance Policy Using Intune | MS Graph | Grace Period
You should have .NET Framework 4.7.2 or later installed on your machine before installing Microsoft Graph PowerShell modules. Microsoft suggests updating PowerShellGet to the latest version using the command Install-Module PowerShellGet
. Also, the PowerShell script execution policy must be set to remote signed or less restrictive. You can set the execution policy by simply running the below command on your PowerShell.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
NOTE! The Scope parameter can have five valid values: MachinePolicy, UserPolicy, Process, CurrentUser, and LocalMachine. LocalMachine is the default when setting an execution policy.
Install Microsoft Graph PowerShell Modules
As mentioned above, the SDK includes two modules, Microsoft. Graph and Microsoft.Graph.Beta, are respectively called the Microsoft Graph REST API v1.0 and Microsoft Graph REST API beta. Let’s learn how to install the Microsoft Graph PowerShell module.
- Open the PowerShell as administrator.
- Run the below command
Install-Module Microsoft.Graph -Scope CurrentUser -force
The above one-line command will install the SDK’s v1 module in PowerShell Core or Windows PowerShell within minutes of running the code.
You will receive a Completed message once the installation is finished, and the message box will disappear automatically after a few seconds.
- To install the SDK’s beta module in PowerShell Core or Windows PowerShell, run the below command.
Install-Module Microsoft.Graph.Beta -Force
The Microsoft Graph SDK’s beta module will also be installed within minutes of running the code. Once the installation is done, you will receive a Completed message, the same as above.
NOTE! It's recommended to use Microsoft Graph v1.0 for scripting. The beta endpoint should only be used for testing or early adoption.
Once the installation is done, it can be verified using the below code.
Get-InstalledModule Microsoft.Graph
The Microsoft. Graph and Microsoft.Graph.Beta is installed on my local machine successfully, and now I’m ready to use the SDK.
- Intune Proactive Remediation Scripts Vs PowerShell Scripts
- How to Trigger SCCM Client Agent Actions Using PowerShell Script
The following command can be utilized to update Microsoft.Graph and Microsoft.Graph.Beta modules. You should use this command to ensure that the modules are up-to-date and functioning properly.
Update-Module Microsoft.Graph
The Microsoft Graph PowerShell Modules can be uninstalled using the below command. The code will uninstall the main module.
Uninstall-Module Microsoft.Graph -AllVersions
How to use the Microsoft Graph PowerShell SDK
We have installed the Microsoft Graph PowerShell SDK on my local machine. Let’s learn how to use it to perform some basic tasks, which will help you automate your daily tasks.
You must Sign in using Connect-MgGraph
command each time to automate your daily tasks
- Open the PowerShell as an Administrator.
- Type
and hit enterConnect-MgGraph
- The PowerShell prompt you to enter the credentials to authenticate Microsoft Graph
NOTE! To grant more permissions, you can repeat the Connect-MgGraph command with the new permission scopes added.
In this example, I will demonstrate how to retrieve details of the Microsoft Store app in your tenant using the cmdlet Get-MgBetaDeviceAppManagementMobileApp
. Before you start coding, you must have an understanding of the required permissions for the cmdlet. The Find-MgGraphCommand
cmdlet will help you retrieve the required permission details for any cmdlet. For example, I will see the required permission to run Get-MgBetaDeviceAppManagementMobileApp
.
Find-MgGraphCommand -command Get-MgBetaDeviceAppManagementMobileApp | Select -First 1 -ExpandProperty Permissions
DeviceManagementApps.Read.All and DeviceManagementApps.ReadWrite.All are the required permissions to run Get-MgBetaDeviceAppManagementMobileApp
.
Name | IsAdmin | Description |
---|---|---|
DeviceManagementApps.Read.All | False | Read Microsoft Intune apps |
DeviceManagementApps.ReadWrite.All | False | Read and write Microsoft Intune apps |
As I mentioned, you can repeat the Connect-MgGraph
with the new permission scopes added.
Connect-MgGraph -Scopes “DeviceManagementApps.Read.All”,”DeviceManagementApps.ReadWrite.All”
I have successfully connected to MgGraph with the necessary permissions. Reviewing the permission requirements before coding is important to avoid getting a forbidden error when executing automation tasks.
- Best way to Deploy Shell Scripts using Intune
- Run Remediation Script on-demand for Windows Devices using Intune
- PowerShell Script to Create a Local Admin Account using Intune
In this example, I am using the code below to retrieve details of the new Microsoft Store app. The code fetches the DisplayName, CreatedDateTime, ID, and whether it is assigned to any group. It is possible to obtain additional information by using a different approach in the code.
Get-MgBetaDeviceAppManagementMobileApp -Filter “(isof(‘microsoft.graph.winGetApp’))” | select DisplayName,CreatedDateTime, Id, IsAssigned
To obtain the output in the Gridview format, the recommended approach is to employ the Out-GridView
command. This command enables the user to display the output in a tabular form with the option to sort, filter, and group the data for improved data analysis. The Gridview format provides a user-friendly interface for viewing and manipulating data, which is particularly useful in business and academic settings where data analysis is a critical component. By utilizing the Out-GridView
command, users can streamline data analysis processes and improve the efficiency of their workflow. Then Out-GridView output should look like the below.
Get-MgBetaDeviceAppManagementMobileApp -Filter “(isof(‘microsoft.graph.winGetApp’))” | select DisplayName,CreatedDateTime, Id, IsAssigned | Out-GridView
Once you are done with your tasks, you can use Disconnect-MgGraph
a command to sign out.
I trust that this article will greatly benefit you and your organization. Thank you for your patience in reading this post. I look forward to seeing you in the next post. Keep supporting the HTMD Community.
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
About the Author – Sujin Nelladath has over 10 years of experience in SCCM device management and Automation solutions. He writes and shares his experiences with Microsoft device management technologies, Azure, and PowerShell automation.