Part 6 - Manage Azure and Microsoft 365 with the Microsoft Graph PowerShell SDK!


 

Dear Microsoft Azure and Microsoft 365 Friends,

 

This article continues the series on the Microsoft Graph PowerShell SDK. Parts 1 to 5 can be found here:

 

https://techcommunity.microsoft.com/t5/windows-powershell/part-1-manage-azure-and-microsoft-365-with...

 

https://techcommunity.microsoft.com/t5/windows-powershell/part-2-manage-azure-and-microsoft-365-with...

 

https://techcommunity.microsoft.com/t5/windows-powershell/part-3-manage-azure-and-microsoft-365-with...

 

https://techcommunity.microsoft.com/t5/windows-powershell/part-4-manage-azure-and-microsoft-365-with...

 

https://techcommunity.microsoft.com/t5/windows-powershell/part-5-manage-azure-and-microsoft-365-with...

 

This article is about connecting to SharePoint Online. Remember: Connections to the Microsoft Graph are protected by one or more permission scopes.

 

Service Scopes:

 

Exchange Online
Mail and Calendar

 

SharePoint Online (Focus in this article)
Files and Sites

 

Microsoft Teams
Teams, Channels, Chats and Members


Files Delegated Permissions:

 

Files.Read
Allows reading the signed-in user's files

 

Files.Read.All
Allows reading all files the signed-in user can access

 

Files.ReadWrite
Allows creating, reading, updating, and deleting the signed-in user's files

 

Files.ReadWrite.All
Allows creating, reading, updating, and deleting all files the signed-in user can access

 

Files.Read.Selected
Allows reading files that the user selects

 

Files.Read.Selected.All
Allows reading and writing files that the user selects


Files Application Permissions:

 

Files.Read.All
Allows reading all files in all site collections without a signed-in user

 

Files.ReadWrite.All
Allows creating, reading, updating, and deleting all files in all site collections without a signed-in user


Sites Delegated Permissions:

 

Sites.Read.All
Allows reading documents and list items in all site collections on behalf of the signed-in user

 

Sites.ReadWrite.All
Allows editing or deleting documents and list items in all site collections on behalf of the signed-in user

 

Sites.Manage.All
Allows managing and creating lists, documents, and list items in all site collections on behalf of the signed-in user

 

Sites.FullControl.All
Allows full control to SharePoint sites in all site collections on behalf of the signed-in user


Sites Application Permissions:

 

Sites.Read.All
Allows reading documents and list items in all site collections without a signed-in user

 

Sites.ReadWrite.All
Allows editing or deleting documents and list items in all site collections without a signed-in user

 

Sites.Manage.All
Allows managing and creating lists, documents, and list items in all site collections without a signed-in user

 

Sites.FullControl.All
Allows full control to SharePoint sites in all site collections without a signed-in user

 

Sites.Selected
Allows the application to access a subset of site collections without a signed-in user


Connecting to SharePoint Online

 

#Install into the Current User Scope
Install-Module Microsoft.Graph -Scope CurrentUser

 

#Verify the Installation
Get-InstalledModule Microsoft.Graph

 

#If needed
Import-Module Microsoft.Graph

 

#Connection for Creating, Reading, Updating, and Deleting Files
$scopes = @("Files.ReadWrite.All")

Connect-MgGraph -Scopes $scopes

 

#Connection for Managing Sites
$scopes = @("Sites.Manage.All")

Connect-MgGraph -Scopes $scopes

 

#Core Connection for Managing Sites and Files
$scopes = @("Files.ReadWrite.All","Sites.FullControl.All")
Connect-MgGraph -Scopes $scopes
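
The following is an added example, not part of the original article: a way to check which scopes a session actually holds against the scopes that were requested, and to flag the tenant-wide write and full-control scopes listed above. The function name Compare-MgScope, the list of OpenID Connect scopes to ignore and the sample scope list are assumptions made for illustration; Connect-MgGraph, Get-MgContext and Disconnect-MgGraph are cmdlets of the SDK.

```powershell
# Added example: Compare-MgScope is a hypothetical helper, not a cmdlet of the Microsoft.Graph module.
function Compare-MgScope {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$Requested,   # scopes passed to Connect-MgGraph -Scopes
        [Parameter(Mandatory)][string[]]$Granted      # scopes the session holds, e.g. (Get-MgContext).Scopes
    )

    # Scopes from this article that allow changes to files or sites across all site collections
    $broad = 'Files.ReadWrite.All', 'Sites.ReadWrite.All', 'Sites.Manage.All', 'Sites.FullControl.All'

    # OpenID Connect scopes that can appear next to the requested ones (assumption: not of interest here)
    $implicit = 'openid', 'profile', 'offline_access', 'email'

    foreach ($scope in ($Granted | Sort-Object -Unique)) {
        if ($implicit -contains $scope) { continue }
        [pscustomobject]@{
            Scope     = $scope
            Requested = $Requested -contains $scope   # -contains is case-insensitive
            Broad     = $broad -contains $scope
        }
    }
}

# Constructed sample: a read-only request, while the session still carries a scope
# that was consented to on an earlier occasion.
$requested     = @('Sites.Read.All')
$sampleGranted = @('openid', 'profile', 'User.Read', 'Sites.Read.All', 'Sites.FullControl.All')

Compare-MgScope -Requested $requested -Granted $sampleGranted | Format-Table -AutoSize

# Against a live session (requires sign-in, so left commented out):
# Connect-MgGraph -Scopes $requested
# Compare-MgScope -Requested $requested -Granted (Get-MgContext).Scopes |
#     Where-Object { -not $_.Requested -and $_.Broad }
# Disconnect-MgGraph
```

Any row with Requested set to False and Broad set to True is a scope the session holds although the current script did not ask for it.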


So that's it again for part 6; we'll see you again in the next part! A little preview: in the next part we'll talk about Microsoft Teams in the Microsoft Graph. See you soon.

 

I hope this article was useful. Thank you for taking the time to read the article.

 

Best regards, Tom Wechsler

 

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on GitHub! https://github.com/tomwechsler
