top of page

ScriptsbyScott.com

  • LinkedIn

Getting Started with PowerShell Module MgGraph for Microsoft Graph API Management

  • Writer: Scott Head
    Scott Head
  • Nov 13
  • 3 min read

Microsoft Graph API offers a powerful way to interact with Microsoft 365 services, but managing it through raw REST calls can be complex and time-consuming. The PowerShell Module MgGraph simplifies this process by providing a set of cmdlets designed to interact with Microsoft Graph API efficiently. This post will guide you through the basics of using the MgGraph module, helping you automate tasks and manage Microsoft 365 resources with ease.


Eye-level view of a computer screen displaying PowerShell commands related to Microsoft Graph API
PowerShell window showing Microsoft Graph API commands

What is the PowerShell Module MgGraph?


MgGraph is a PowerShell module that acts as a wrapper around the Microsoft Graph API. It allows administrators and developers to perform operations on Microsoft 365 services such as users, groups, mail, calendars, and more without writing complex HTTP requests. Instead, you use simple PowerShell cmdlets that handle authentication, request formatting, and response parsing.


This module supports modern authentication methods, including delegated and application permissions, making it suitable for both interactive and automated scripts.


Installing and Setting Up MgGraph


To start using MgGraph, you first need to install it from the PowerShell Gallery. Open your PowerShell console with administrative privileges and run:


```powershell

Install-Module -Name MgGraph -Scope CurrentUser

```


After installation, import the module:


```powershell

Import-Module MgGraph

Special Note: Import subset of module

Import-Module Microsoft.Graph.Users 

```


Next, connect to Microsoft Graph with the appropriate permissions. For example, to connect interactively with delegated permissions:


```powershell

Connect-MgGraph -Scopes User.Read.All, Group.ReadWrite.All

```


This command prompts you to sign in with your Microsoft 365 account and grants the specified permissions. You can check your connection status with:


```powershell

Get-MgContext

```


Exploring Basic Cmdlets


MgGraph provides cmdlets that follow a consistent naming pattern, making it easier to remember and use them. Here are some common cmdlets to get started:


  • `Get-MgUser` — Retrieves user information.

  • `New-MgUser` — Creates a new user.

  • `Get-MgGroup` — Retrieves group details.

  • `Add-MgGroupMember` — Adds a member to a group.

  • `Remove-MgUser` — Deletes a user.


For example, to list all users in your tenant:


```powershell

Get-MgUser -All

```


To create a new user, you might use:


```powershell

New-MgUser -AccountEnabled $true -DisplayName "John Doe" -MailNickname "johndoe" -UserPrincipalName "johndoe@yourdomain.com" -PasswordProfile @{ForceChangePasswordNextSignIn=$true; Password="P@ssw0rd!"}

```


Managing Groups with MgGraph


Groups are essential for managing access and collaboration in Microsoft 365. MgGraph makes group management straightforward.


To create a new Microsoft 365 group:


```powershell

New-MgGroup -DisplayName "Project Team" -MailEnabled $true -MailNickname "projectteam" -SecurityEnabled $false -GroupTypes "Unified"

```


To add a user to this group:


```powershell

Add-MgGroupMember -GroupId <GroupId> -DirectoryObjectId <UserId>

```


Replace `<GroupId>` and `<UserId>` with the actual IDs, which you can retrieve using `Get-MgGroup` and `Get-MgUser`.


Automating Tasks with Scripts


One of the biggest advantages of using MgGraph is the ability to automate repetitive tasks. For example, you can write a script to disable all users who have not signed in for over 90 days:


```powershell

$inactiveUsers = Get-MgUser -All | Where-Object {

$_.SignInActivity.LastSignInDateTime -lt (Get-Date).AddDays(-90)

}


foreach ($user in $inactiveUsers) {

Update-MgUser -UserId $user.Id -AccountEnabled $false

Write-Output "Disabled user $($user.DisplayName)"

}

```


This script fetches all users, filters those inactive for more than 90 days, and disables their accounts. Such automation saves time and reduces errors.


Handling Permissions and Authentication


MgGraph supports different authentication flows. For unattended scripts, you can use application permissions with a registered Azure AD app. This requires setting up an app registration in Azure AD, granting it the necessary API permissions, and using a certificate or client secret for authentication.


Here’s an example of connecting using a client secret:


```powershell

Connect-MgGraph -ClientId "<AppId>" -TenantId "<TenantId>" -ClientSecret "<Secret>"

```


This method allows scripts to run without user interaction, ideal for scheduled tasks.


Tips for Effective Use


  • Use `Get-Help <cmdlet>` to explore parameters and examples for any MgGraph cmdlet.

  • Always test scripts in a non-production environment before running them live.

  • Use `-All` parameter carefully; it retrieves all records and may impact performance.

  • Combine MgGraph with other PowerShell modules for comprehensive automation.


Summary


The PowerShell Module MgGraph offers a practical way to manage Microsoft Graph API through familiar PowerShell commands. It simplifies tasks like user and group management, automates routine operations, and supports secure authentication methods. By integrating MgGraph into your workflow, you can save time and reduce complexity when managing Microsoft 365 environments.


Start by installing the module, connecting with the right permissions, and exploring basic cmdlets. Then, build scripts tailored to your needs. The more you use MgGraph, the more you’ll discover its potential to improve your Microsoft 365 management.


 
 
 

Comments

bottom of page