Connect-MgGraph (Microsoft Graph)
The Connect-MgGraph cmdlet is used to connect to Microsoft Graph PowerShell. You must install Microsoft Graph PowerShell SDK to use this cmdlet. Else, you will receive the error: “The term ‘Connect-MgGraph’ is not recognized as the name of a cmdlet, function, script file, or operable Program”
Connect-MgGraph [-Scopes] <string []>] [-TenantId] <string>] [-ForceRefresh] [-ClientId <string>] [-ContextScope {Process | CurrentUser}] [-Environment <string>] [-UseDeviceAuthentication] [-ClientTimeout <double>] [-Break] [<CommonParameters>]
Connect-MgGraph [-ClientId] <string> [-CertificateName] <string>] [-CertificateThumbprint] <string>] [-Certificate <X509Certificate2>] [-TenantId <string>] [-ForceRefresh] [-ContextScope {Process | CurrentUser}] [-Environment <string>] [-ClientTimeout <double>] [-Break] [<CommonParameters>]
Connect-MgGraph [-AccessToken] <string>] [-Environment <string>] [-ClientTimeout <double>] [-Break] [<CommonParameters>]
The ‘Connect-MgGraph’ cmdlet initiates connection to Microsoft Graph. After successful connection, you will receive “Welcome to Microsoft Graph!” message.
Example 1: Initiate a connection.
Connect-MgGraph –Scopes "User.Read.All"
This command connects Microsoft Graph with “User.Read.All” permission scope. Each Graph API requires different scope permission. To identify the required scope, you can refer to the Microsoft doc.
Example 2: Connect Microsoft Graph with Tenant id
Connect-MgGraph – TenantId “436r2398-87e4-34y8-43r3h4drf78"
If you don’t specify the TenantId parameter, it will create a session with the last tenant you signed in.
-Access Token <string>
Specifies a bearer token for Microsoft Graph service. Access tokens do timeout and you’ll have to handle their refresh.
Required? false Position? 1 Accept pipeline input? false Parameter set name AccessTokenParameterSet Aliases None Dynamic? false
-Break
Wait for .NET debugger to attach.
Required? false Position? Named Accept pipeline input? false Parameter set name (All) Aliases None Dynamic? false
-Certificate <X509Certificate2>
The Certificate parameter specifies the certificate that’s used for Certificate-based authentication (CBA). An X.509 certificate supplied during invocation.
Don’t use this parameter with the CertificateThumbprint parameter.
Required? false Position? Named Accept pipeline input? false Parameter set name AppParameterSet Aliases None Dynamic? false
-CertificateName <string>
The name of your certificate. The Certificate will be retrieved from the current user’s certificate store.
Required? false Position? 2 Accept pipeline input? false Parameter set name AppParameterSet Aliases CertificateSubject Dynamic? false
-CertificateThumbprint <string>
Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action. For example, `83213AEAC56D61C97AEE5C1528F4AC5EBA7321C1`.
Don’t use this parameter with the Certificate parameter.
Required? false Position? 3 Accept pipeline input? false Parameter set name AppParameterSet Aliases None Dynamic? false
-ClientId <string>
The client id of your application.
Required? true Position? 1 Accept pipeline input? false Parameter set name AppParameterSet, UserParameterSet Aliases AppId Dynamic? false
-Scopes <string []>
An array of delegated permissions to consent to.
Required? false Position? 1 Accept pipeline input? false Parameter set name UserParameterSet Aliases None Dynamic? false
-TenantId <string>
Specifies the ID of a tenant.
Required? false Position? Named Accept pipeline input? false Parameter set name AppParameterSet, UserParameterSet Aliases Audience Dynamic? false
-UseDeviceAuthentication
Use device code authentication instead of browser control
Required? false Position? Named Accept pipeline input? false Parameter set name UserParameterSet Aliases DeviceCode, DeviceAuth, Device Dynamic? false
