Getting Started with Microsoft Graph and PowerShell

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video we get started with microsoft graph and powershell [Music] hello everyone i'm travis and this is cerraltos coming up we get started with microsoft graph and powershell we'll start with an overview of microsoft graph and then move on to some examples before that please like subscribe share with a friend and become a member for early access to videos take a look at my courses on azure virtual desktop and hybrid identities with windows id and azure id at udemy.com the links are below your support is appreciated also i know many of you come to these videos to get a solution to a specific issue or to see some examples you may be tempted to skip ahead to the examples the microsoft graph is a significant change for powershell and having an understanding of what changed and why will go a long way to proficiency with microsoft graph and powershell if you're new to microsoft graph and powershell stick with the video to gain an understanding of what has changed back to it so what is microsoft graph and why should you care microsoft graph is an application programming interface or api used to access data about the microsoft 365 platform it includes exchange online azure id enterprise mobility and other services it offers a single endpoint to access data at graph.microsoft.com previously there were multiple apis to access 365 data that's why we had a separate module for azure ad and ms online offering a single endpoint simplifies development developers don't have to write code to query multiple endpoints microsoft graph is a restful api meaning http requests are used to access the data we can use the get put post and delete web methods to view and update data at the microsoft graph that's a lot of information a developer may be interested in but if you're like me not a developer why should you care microsoft has announced plans to depreciate the azure 80 graph api and along with its support for the azure 80 powershell module the azure 80 powershell module uses that api it's the same for the ms online powershell module both the azure ad and ms online powershell modules are planned to be retired as of this recording the planned depreciation of the ms online and azure 80 module is december of 2022 microsoft recommends moving any scripts or other powershell processes to the new microsoft graph powershell module microsoft is not actively adding features to the older azure ad or ms online modules development efforts are now focused on the microsoft graph powershell module and that brings us here getting started with microsoft graph and powershell that sounds easy enough just install the new module and update commands right not really there are some changes with the module we need to be aware of before getting started the azure ad and ms online modules were custom curated to provide it professionals with a simple way to access online data in comparison the microsoft graph powershell module is a thin wrapper around the rest api calls although the ms graph commands look similar to the azure ad and ms online commands they work differently the ms graph commands make an http get put update and delete api call and those commands follow the same rules as the api call previously with powershell we didn't have to think about what was going on inside the code we just ran the commands and worked with the data it returned switching to the api graph provides one api for all azure ad and microsoft 365 services the microsoft graph powershell commands are auto-generated based on an api schema that means we get faster updates and functionality compared to human authored modules the downside is that the documentation is also automatically generated the documentation may be accurate but not always helpful the commands are not always user friendly and offer little examples of usage inevitably we'll need to reference the api documentation to navigate command options such as filtering for example this may be helpful for developers but is not as intuitive as we're used to with other powershell modules coming up we're going to prepare an environment by installing powershell 7 and the microsoft graph software development kit or sdk then we run through some examples by viewing creating and updating a group let's get started in powershell we'll start in powershell i had some working examples on powershell 5 but the documentation indicates we should use powershell 7. i'll use 7 for the examples to limit any unpredictable results if you have powershell 7 already installed you can skip ahead we'll use wingit to install the package there's also an msi option available if you prefer that let's search for the versions available with winget search microsoft.powershell i'll agree to the terms we get the results for both powershell 7 and powershell 7 preview let's install the stable release using the command wingit install id microsoft.powershell source winget we'll click yes when prompted i can make this window a little bit bigger next let's view the version by looking at the ps version table variable looks like i had a typo there and it's showing we're still using powershell version 5.1 let's restart vs code to use powershell 7. to open up a new powershell window running powershell seven let's go to powershell let's view the version table now we're on seven we can switch between different versions of the powershell console with this drop down we can also create a new powershell session with this dropdown as well as cloud shell the command prompt and get good now that we're running a powershell 7 terminal let's install the graph sdk this uses powershell git to download the module first set the execution policy to remote signed for the current user next we'll install the module for the current user you can change the scope to all users if needed approve the download when prompted once finished we can verify it's installed with the get installed module microsoft.graft command there it is and i'll make this bigger still now that we've downloaded the microsoft graph sdk we have mg commands let's run get mg profile that returns api version 1.0 this is the stable release of the api we can change this to the beta version if we want to use preview features with the select mg profile command now if we get the current profile it shows we're on beta let's change it back to version one now let's head back to version one now that we have the version set let's log in this is where things get a little different we can set permissions our session will have when we connect to do this we first need to know the commands will run let's look at the permissions available with the get mg group command using the find mgraft command command select first one indicates we're selecting the first extended property in permissions for this example we want to create and update a group so the first permission i want is the group read and write permission next we'll run the same command only using get hyphen mguser i only need to read user information for this example i'll use the user.read.all permission for the example coming up now that we know what permissions we need let's log in by the way you may be wondering why we need to set permissions these permissions set the rights for the application powershell in this example the theory of lease permissions means we don't want to elevate our permissions beyond what we need therefore we're only granting rights to accommodate the tasks we need to complete let's log in with the connect mgraft command passing in our permissions or scopes i'm already logged in if this is the first time you're logging in you'll get a prompt log in to start the session now that we're logged in we can start by viewing our current groups we can start with get hyphen mg group let's look at a microsoft 365 group this example the group is called managers here i'm filtering on the display name of managers that returns a limited set of details let's pipe that into format list or fl to get all settings here's the complete list if we go up notice that the on-premises settings are empty this group is sourced from azure id not windows 80. also let's go up to group type the group type is unified that indicates it's a microsoft 365 group let's go down to security enabled a microsoft 365 group can be security enabled or not security enabled this one is security enabled let's search for all microsoft 365 groups we know that all microsoft 365 groups have the group type unified let's set the filter for that that didn't work i noticed there were squiggly brackets in the output we were just looking at let's add squiggly brackets that didn't work either let's try using wildcards and that didn't work i'll stop here because we can't filter on group types let's look at the microsoft documentation on the filter command the link for this is below this is a document that indicates what type of search works what requires advanced property settings and what's not supported let's go down to group properties display name is supported but group type is not even listed we can't filter on group type i'd also like to point out one other thing if we go to the command page for get ms group we'll go down to filter notice that except wild card characters is not supported that means we can't use wild cards even if the filter is supported so how do we find all of our microsoft 365 groups while we're still using powershell we can pipe the output from one command into a where object command and filter for unified now we're returning all groups and then piping that into where object and that will filter when the group type is like unified those are my three microsoft 365 groups now we know how to filter groups let's create a new group next this example uses something called splatting it's the creation of a hash table that includes the parameters and values that are passed into a command splatting makes it easier to read and update values in a command a hash table starts by setting a parameter then the at symbol and opening and closing squiggly bracket the key value pairs are between the brackets on the screen are the parameters for a new group there are a lot of other options available this is the minimum to create a security group in azure id we'll select and run the parameter block to add it to memory next we'll run the new hyphen mg group command and pass in the hash table as the body parameters it shows it's created let's verify that with the get mg group command this gets the group with a display name test mg group and outputs it as a list that creates our group let's update it with members next let's start by assigning the group id to a variable this command runs the get mg group filtering on display name test mg group but it only returns the id property and then it assigns that to the group id variable we can see our group id by viewing the variable next we need to get our user's id let's use the get mguser command here we're using the get mg user filtering on display name and that user account is test one user one that's good but we only need the user id so just like the group id let's create a variable called user id then we'll pass in that same command only returning just the id now if we view user id we've got our user id for that user now that we have our user id and the group id let's update the group we'll use the new mg group member command for this that command supplies the group id and the user id okay no errors that's good but let's verify that user is in the group with the get mg group member command with this command we're also supplying the group id okay it shows that something's in it and we can tell by the id of a previous command that it is the correct user but for future reference i don't have everyone's directory id memorized let's try it again but outputting the data as a list we'll just pipe it to an fl or format list here it shows the display name and the additional properties let's run that now what we're doing is we're still running the get mg group command passing in the group id next we're only going to output or select specific information from the previous commands output that includes the id which is the user id and in this case we're passing in the additional parameters.displayname now we have the id and the username for all the members of that group and just because i'm a little bit ocd i don't like the formatting of that we're going to change the display name to just display name we'll format the output with the name display name and then use the expression to output the display name under additional properties okay a little powershell formatting for you but that looks better doesn't it we could add additional users if we wanted with the same method but next we're going to remove the group we'll need the group id to remove the group if we don't have it we can use this command that finds a group by display name and then returns the id next relatively important step is verifying we have the correct group you don't want to remove the wrong group we'll use the get mg group command for that test mg group yup that's what i want to delete let's remove the group with the remove mg group command here again we're passing in the group id no errors it must be gone let's verify that we'll use the get mg group command again filtering on display name test mg group and nothing's returned that means our group doesn't exist that's how to prepare an environment to use microsoft graph we also went over how to search create update and remove a group with the ms graph and powershell that is how to prepare an environment for microsoft graph and powershell as well as search create update and remove a group i hope this helps you better understand how to use microsoft graph and powershell please don't forget to like and subscribe and thanks for watching

Info

Channel: Travis Roberts

Views: 16,889

Rating: undefined out of 5

Keywords: Microsoft Graph, PowerShell, SDKs, API, azure, azure cloud, Microsoft Azure, Microsoft, Cloud, Rest API, RESTful, Azure AD, Management, MSonline, Module, dev, depreciated, replace

Id: oilylijvbic

Channel Id: undefined

Length: 18min 7sec (1087 seconds)

Published: Sun Aug 21 2022