top of page

How to connect to MS Graph API using Azure AD Application ?

Microsoft Teams Graph API provides a powerful way to interact with Teams data programmatically. With PowerShell, you can automate various tasks and retrieve valuable information from Microsoft Teams. In this article, we will explore the process of connecting to the Microsoft Teams Graph API using PowerShell.

Step 1: Install PowerShell Module: First, ensure that you have the latest version of PowerShell installed on your machine. Then, install the Microsoft Teams PowerShell module by running the following command in a PowerShell session :

Install-Module -Name MicrosoftTeams -Force

Step 2: Authenticate with Microsoft Graph API: To connect to the Microsoft Teams Graph API, we need to authenticate using an Azure AD application. Here are the steps to set up the authentication:

  1. Register an Azure AD application:

    • Go to the Azure portal ( and sign in with your Azure AD account.

    • Navigate to the Azure Active Directory page and select "App registrations".

    • Click on "New registration" to create a new application.

    • Provide a name for the application and select the appropriate account types and redirect URI.

2. Obtain the application's client ID and client secret:

  • Once the application is registered, note down the "Application (client) ID" and generate a client secret from the "Certificates & secrets" section.

3. Grant the necessary permissions:

  • In the Azure portal, go to the "API permissions" section of your application registration.

  • Add the required permissions for accessing Microsoft Graph API, such as "Team.ReadBasic.All" or "Team.ReadWrite.All".

4 . Generate an auto signed certificate using Powershell :

$cert = New-SelfSignedCertificate -Subject "CN=Contoso" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256

Then export the certificate on our machine :

If you need to use this certificate on other servers (which will be the case if another server needs to authenticate to Microsoft Graph via PowerShell), you need to export it in PFX format. If you don't have this requirement, you can ignore the next two commands :

Once that's done, you just need to copy the PFX file to the other servers and import it. Remember to store the private key password in your preferred password manager...

Go back to the Azure AD interface, still within our application, and click on "Certificates & secrets" on the left. Then, click on "Download certificate" and upload the CER file. Confirm, and it will appear in the list of certificates like this:

Copy the value of "Thumbprint" because we will need it for the next steps.

Now, the configuration is ready, and we can connect to Microsoft Graph via PowerShell. For that, we need three pieces of information:

Application (client) ID for the -ClientId

parameter Directory (tenant) ID for the -TenantId

parameter Certificate thumbprint for the -CertificateThumbprint parameter

This gives us the following Connect-MgGraph command:

Connect-MgGraph -ClientID $ClientID -TenantId $TenantID -CertificateThumbprint $certificationThumbprint

Execute this command, and voila, it's magical - we are authenticated directly! No further action is required. It's the combination of these three values (along with the presence of the certificate on the machine) that allows us to authenticate to Microsoft Graph.

Now, all that's left is to interact with our Microsoft environment! This authentication method is ideal for your PowerShell scripts.

64 views0 comments


bottom of page