Connect-MgGraph

Connect-MgGraph
    [[-Scopes] <String[]>]
    [[-ClientId] <String>]
    [-TenantId <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-UseDeviceCode]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

Connect-MgGraph
    [-ClientId] <String>
    [[-CertificateSubjectName] <String>]
    [[-CertificateThumbprint] <String>]
    [-SendCertificateChain <Boolean>]
    [-Certificate <X509Certificate2>]
    [-TenantId <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

Connect-MgGraph
    [[-ClientId] <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-Identity]
    [-NoWelcome]
    [<CommonParameters>]

Connect-MgGraph
    [-ClientSecretCredential <PSCredential>]
    [-TenantId <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

Connect-MgGraph
    [-AccessToken] <SecureString>
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

Connect-MgGraph
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-EnvironmentVariable]
    [-NoWelcome]
    [<CommonParameters>]

Microsoft Graph PowerShell supports two types of authentication: delegated and app-only access. There are a number of cmdlets that can be used to manage the different parameters required during authentication, for example, environment, application ID, and certificate.

This cmdlet gets the access token using the Microsoft Authentication Library.

PS C:\> Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All"

This example shows how to authenticate to graph with scopes.

PS C:\> Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All" -UseDeviceAuthentication

This example shows how to authenticate to graph with scopes and device.

PS C:\> Connect-MgGraph -AccessToken $AccessToken

This example shows how to authenticate to graph using an access token.

PS C:\> Connect-MgGraph -ClientId <YOUR_NEW_APP_ID> -TenantId <YOUR_TENANT_ID>

Follow this link (https://learn.microsoft.com/en-us/powershell/microsoftgraph/authentication-commands?view=graph-powershell-1.0#using-connect-mggraph)for more information on the steps for creating custom applications.

PS C:\> Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -CertificateThumbprint "YOUR_CERT_THUMBPRINT"

Follow this link (https://learn.microsoft.com/en-us/powershell/microsoftgraph/authentication-commands?view=graph-powershell-1.0#using-connect-mggraph)for more information on how to load the certificate.

PS C:\> Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -CertificateName "YOUR_CERT_SUBJECT"

Follow this link (https://learn.microsoft.com/en-us/powershell/microsoftgraph/authentication-commands?view=graph-powershell-1.0#using-connect-mggraph)for more information on how to load the certificate.

PS C:\> $Cert = Get-ChildItem Cert:\LocalMachine\My\$CertThumbprint
PS C:\> Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -Certificate $Cert

Follow this link (https://learn.microsoft.com/en-us/powershell/microsoftgraph/authentication-commands?view=graph-powershell-1.0#using-connect-mggraph)for more information on how to load the certificate.

PS C:\> $ClientSecretCredential = Get-Credential -Credential "Client_Id"
# Enter client_secret in the password prompt.
PS C:\> Connect-MgGraph -TenantId "Tenant_Id" -ClientSecretCredential $ClientSecretCredential

This authentication method is ideal for background interactions. It does not require a user to physically sign in.

PS C:\> Connect-MgGraph -Identity

Uses an automatically managed identity on a service instance. The identity is tied to the lifecycle of a service instance.

PS C:\> Connect-MgGraph -Identity -ClientId "User_Assigned_Managed_identity_Client_Id"

Uses a user created managed identity as a standalone Azure resource.

PS C:\> Get-MgEnvironment
Name     AzureADEndpoint                   GraphEndpoint                           Type
----     ---------------                   -------------                           ----
China    https://login.chinacloudapi.cn    https://microsoftgraph.chinacloudapi.cn Built-in
Global   https://login.microsoftonline.com https://graph.microsoft.com             Built-in
USGov    https://login.microsoftonline.us  https://graph.microsoft.us              Built-in
USGovDoD https://login.microsoftonline.us  https://dod-graph.microsoft.us          Built-in
PS C:\> Connect-MgGraph -Environment USGov

When you use Connect-MgGraph, you can choose to target other environments. By default, Connect-MgGraph targets the global public cloud.

PS C:\> Connect-MgGraph -ContextScope Process

To connect as a different identity other than CurrentUser, specify the -ContextScope parameter with the value Process.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.