Microsoft 365 : Microsoft Graph PowerShell tutorial – Part 3 – using client id (App ID) and certificate for connecting graph – Connect-MgGraph

Hi All,

Greetings for the day!

Continuing on my favorite topic – Microsoft Graph PowerShell.

This is 3rd article in the series. In this article we will continue to explore – Connect-MgGraph CMDLET, we will explore – how to connect Microsoft Graph using AppId / ClientId and certificate

If you are beginner to Microsoft Graph PowerShell, please have a look at following article once

• Microsoft 365 : PowerShell – Microsoft Graph PowerShell tutorial – Part 1 – starting with Microsoft Graph PowerShell – https://knowledge-junction.in/2023/08/30/microsoft-365-powershell-microsoft-graph-powershell-tutorial-part-1/
• Microsoft 365 : PowerShell – Microsoft Graph PowerShell tutorial – Part 2 – exploring Connect-MgGraph with couple of scenarios – https://knowledge-junction.in/2024/01/18/microsoft-365-powershell-microsoft-graph-powershell-tutorial-part-2-exploring-connect-mggraph-with-couple-of-scenarios/

Details

• To connect Graph API with PowerShell using App ID (client id) we need
  • To register an Application in Azure AD – we have detailed article for registering an application from Microsoft Entra admin center – Microsoft Entra – registering new application and assigning permissions to access Microsoft Graph APIs – https://knowledge-junction.in/2024/01/18/microsoft-entra-registering-new-application-and-assigning-permissions-to-access-microsoft-graph-apis/
  • We need to grant permission to respective application to access the Graph API
  • So with help of above article we have registered new app and following are the details

• Add certificate or client secrete to App ID. Here in this article we will use to create/generate certificate – PowerShell – script to generate a self-signed Certificate – exploring New-SelfSignedCertificate CMDLET – https://knowledge-junction.in/2024/01/20/powershell-script-to-generate-a-self-signed-certificate-exploring-new-selfsignedcertificate-cmdlet/
• From following above article, we have generated self signed certificate and stored in current user store as

• Once we generated certificate we need to export it to upload to our App
• We will use – Export-Certificate CMDLET to export the certificate as

$certToExport = (Get-ChildItem -Path f97ef453d78e31ba3c6151bd066d92b7fcbd377b)

#specify the path where you need to download the certificate
Export-Certificate -Cert $certToExport -FilePath "C:\Users\prasham\Downloads\graphapi.pfx"

Upload the certificate to the App

• Navigate to our App overview page – https://entra.microsoft.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade/quickStartType~/null/sourceType/Microsoft_AAD_IAM?Microsoft_AAD_IAM_legacyAADRedirect=true

• Click on our new created app – microsoftgraphpowershell – as shown in above snap. We will be redirected to our app overview page – https://entra.microsoft.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/Overview/appId/a2073b4e-14e4-448a-a449-39022286c03c/isMSAApp~/false?Microsoft_AAD_IAM_legacyAADRedirect=true

• To upload certificate, click on “Certificates & secrets” link from left menu as shown in above snap
• We will be redirecting to app – “Certificates & secrets” page as

• We will upload certificate from the above page
• Once certificate uploaded successfully , we will have certificate details on the page as

• Here, take a not of – Thumbprint – will be using while connecting to Microsoft Graph

Connect to Graph API with App ID using the Certificate

• To connect Microsoft Graph using we will require
  • Tenant ID / Directory ID
  • App ID / Client ID
  • Certificate ThombPrint

#Parameters for Tenant ID and Client ID
$TenantID = “6b38e1c3-a1fe-40cc-8b93-a4159a50592c”
$ClientID = “a2073b4e-14e4-448a-a449-39022286c03c” #App ID
$CertThumbPrint = “F97EF453D78E31BA3C6151BD066D92B7FCBD377B”

#Connect to Microsoft Graph using App
Connect-MgGraph -ClientID $ClientID -TenantId $TenantID -CertificateThumbprint $CertThumbPrint

Output:

PS Cert:\CurrentUser\My> #Parameters for Tenant ID and Client ID
$TenantID = “6b38e1c3-a1fe-40cc-8b93-a4159a50592c”
$ClientID = “a2073b4e-14e4-448a-a449-39022286c03c” #App ID
$CertThumbPrint = “F97EF453D78E31BA3C6151BD066D92B7FCBD377B”

#Connect to Microsoft Graph using App
Connect-MgGraph -ClientID $ClientID -TenantId $TenantID -CertificateThumbprint $CertThumbPrint
Welcome To Microsoft Graph!

PS Cert:\CurrentUser\My>

REFERENCES

• Microsoft 365 : PowerShell – Microsoft Graph PowerShell tutorial – Part 1 – starting with Microsoft Graph PowerShell – https://knowledge-junction.in/2023/08/30/microsoft-365-powershell-microsoft-graph-powershell-tutorial-part-1/
• Microsoft 365 : PowerShell – Microsoft Graph PowerShell tutorial – Part 2 – exploring Connect-MgGraph with couple of scenarios – https://knowledge-junction.in/2024/01/18/microsoft-365-powershell-microsoft-graph-powershell-tutorial-part-2-exploring-connect-mggraph-with-couple-of-scenarios/
• Microsoft Entra – registering new application and assigning permissions to access Microsoft Graph APIs – https://knowledge-junction.in/2024/01/18/microsoft-entra-registering-new-application-and-assigning-permissions-to-access-microsoft-graph-apis/
• PowerShell – script to generate a self-signed Certificate – exploring New-SelfSignedCertificate CMDLET – https://knowledge-junction.in/2024/01/20/powershell-script-to-generate-a-self-signed-certificate-exploring-new-selfsignedcertificate-cmdlet/

Thanks for reading ! Stay tuned for more articles on Microsoft Graph PowerShell and PowerShell !

HAPPY LEARNING AHEAD 🙂 LIFE IS BEAUTIFUL 🙂