Why not run the Connect-MgGraph command and not have the browser prompt for authentication? This is a hands-on guide that shows you how to do this.
To authenticate to the Microsoft Graph API directly from the PowerShell console, you need two PowerShell modules: The first section explains how to install the module.
We then walk you through the steps for your Azure account, retrieve a token for Microsoft Graph, and then use that token to authenticate to the Microsoft Graph API.
Finally, we will discuss how to verify that the Connect-MgGraph command is working by checking available permissions. I’ll show you some examples as well.
I’m using PowerShell 7 to run the commands in this guide. The command works in PowerShell 5, but may behave slightly differently.
Step 1: Install required modules
If you want to run the Connect-MgGraph command and not be prompted for authentication in your browser, you need to install two PowerShell modules. Specifically, you’ll need the Az.Accounts and Microsoft.Graph.Authentication modules.
Install-Module Az.Accounts, Microsoft.Graph.Authentication Import-Module Az.Accounts, Microsoft.Graph.Authentication
Step 2: Authenticate to Microsoft Graph
As hinted at in the introduction, Azure token retrieval is the first step in connecting to Microsoft Graph. This step is done by connecting to your Azure account.
You then use the token to authenticate to Microsoft Graph. The detailed steps are as follows:
- Run the command below to get the credentials needed to authenticate to Azure in PowerShell.
$credential = Get-Credential <Azure logon email>
- The next step is to log in to Azure using the Connect-AzAccount command…
Connect-AzAccount -Credential $credential
The above command will take some time to complete as it uses the credentials stored in the $credential variable to authenticate to Azure. After a successful connection, PowerShell displays information about your Azure tenant.
- Now that you’re logged in to Azure, the next step in this section is to retrieve the Azure access token needed to authenticate to the Microsoft Graph API.
$AzAccessToken = (Get-AzAccessToken -ResourceTypeName MSGraph -ErrorAction Stop).token
- Finally, run the Connect-MgGraph command, specifying the $AzAccessToken variable. This will provide the necessary authentication and stop the command prompting you to authenticate through the browser.
Connect-MgGraph -AccessToken $AzAccessToken -ErrorAction Stop
To confirm that you have successfully authenticated to Microsoft Graph, click “Welcome to Microsoft Graph!” A message is displayed. message.
Step 3: Manage Azure using Microsoft Graph Commands
I accomplished the purpose of this article by showing how to run the Connect-MgGraph command and bypass the browser prompt for authentication.
However, I’d like to share some Azure tasks you can perform using Microsoft Graph module cmdlets. I decided to include these examples as a way to verify that the Microsoft Graph API connection is working.
Let’s start by running the Get-MgContext command. This command displays session scope.
Get-MgContext | Select-Object -ExpandProperty Scopes
The screenshot below shows the result of the above command. To learn more about Microsoft Graph scopes, read the Microsoft Graph permissions reference.
Another command task you can perform is to find Azure AD users using the Get-MgUser command. In the example below, we want to return Azure AD users with a DisplayName that starts with “v”.
Get-MgUser -Filter "startsWith(DisplayName, 'v')"
Another great example of using Microsoft Graph to manage Azure AD is displaying and creating groups. To view Azure AD groups, run the Get-mgGroup command.
The example below returns the group with the specified ID.
Get-mgGroup -GroupId 001fa802-90c5-4753-834b-ef5450d6ff78
Finally, you can create a new Azure AD security group using the New-MgGroup command. See the command below for a sample command to create a group called Office Admins.
New-MgGroup -DisplayName 'Office Admins' -MailEnabled:$False -MailNickName 'OfficeAdmins' -SecurityEnabled
Frequently Asked Questions
As far as I know the valid cmdlet is Connect-MgGraph from the Microsoft.Graph PowerShell module.
If the Connect-MsGraph cmdlet exists, it may come from another PowerShell module that is not officially related to the MS Graph API module.
A faster way to connect to Microsoft Graph through PowerShell is to run the Connect-MgGraph command.
Run the Disconnect-mgGraph command to disconnect your Microsoft Graph PowerShell session.
The Azure AD PowerShell module is used only to manage Azure Active Directory. On the other hand, you can use the Microsoft Graph PowerShell module to manage Azure AD and other Microsoft cloud resources.
Run the Connect-MgGraph command.
Other Useful Resources
- How to connect to the Microsoft Graph API using stored user credentials (doitpsway.com)
- How to connect to Microsoft Graph without prompts – Microsoft Q&A
- Az.Accounts module | microsoft run
- Powershell Gallery | Microsoft.Graph.Authentication 2.0.0
- Using Microsoft Graph PowerShell Authentication Commands | microsoft run
- Microsoft Graph Permissions Reference – Microsoft Graph | microsoft run