Sep 10 2023 08:41 AM - edited Sep 10 2023 08:58 AM
Dear Microsoft Azure and Microsoft 365 Friends,
This article continues the series on the Microsoft Graph PowerShell SDK. Parts 1 to 5 can be found here:
This article is about connecting to SharePoint Online. Remember: Connections to the Microsoft Graph are protected by one or more permission scopes.
Service Scopes:
Exchange Online: Mail and Calendar
SharePoint Online (focus of this article): Files and Sites
Microsoft Teams: Teams, Channels, Chats and Members
Files Delegated Permissions:
Files.Read: Allows reading the signed-in user's files
Files.Read.All: Allows reading all files the signed-in user can access
Files.ReadWrite: Allows creating, reading, updating, and deleting the signed-in user's files
Files.ReadWrite.All: Allows creating, reading, updating, and deleting all files the signed-in user can access
Files.Read.Selected: Allows reading files that the user selects
Files.Read.Selected.All: Allows reading and writing files that the user selects
Files Application Permissions:
Files.Read.All: Allows reading all files in all site collections without a signed-in user
Files.ReadWrite.All: Allows creating, reading, updating, and deleting all files in all site collections without a signed-in user
Sites Delegated Permissions:
Sites.Read.All: Allows reading documents and list items in all site collections on behalf of the signed-in user
Sites.ReadWrite.All: Allows editing or deleting documents and list items in all site collections on behalf of the signed-in user
Sites.Manage.All: Allows managing and creating lists, documents, and list items in all site collections on behalf of the signed-in user
Sites.FullControl.All: Allows full control to SharePoint sites in all site collections on behalf of the signed-in user
Sites Application Permissions:
Sites.Read.All: Allows reading documents and list items in all site collections without a signed-in user
Sites.ReadWrite.All: Allows editing or deleting documents and list items in all site collections without a signed-in user
Sites.Manage.All: Allows managing and creating lists, documents, and list items in all site collections without a signed-in user
Sites.FullControl.All: Allows full control to SharePoint sites in all site collections without a signed-in user
Sites.Selected: Allows the application to access a subset of site collections without a signed-in user
Connecting to SharePoint Online
#Install into the Current User Scope
Install-Module Microsoft.Graph -Scope CurrentUser
#Verify the Installation
Get-InstalledModule Microsoft.Graph
#If needed
Import-Module Microsoft.Graph
#Connection for Creating, Reading, Updating, and Deleting Files
$scopes = @("Files.ReadWrite.All")
Connect-MgGraph -Scopes $scopes
#Connection for Managing Sites
$scopes = @("Sites.Manage.All")
Connect-MgGraph -Scopes $scopes
#Core Connection for Managing Sites and Files
$scopes = @("Files.ReadWrite.All","Sites.FullControl.All")
Connect-MgGraph -Scopes $scopes
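Because every connection is bound to permission scopes, it is worth checking what a session actually holds after connecting. The following is an added example, not part of the original article or the author's scripts: it requests a single read scope and compares it with the scopes reported by Get-MgContext. Compare-GraphScopes is a hypothetical helper name, and the read-only task is an assumption.

```powershell
# Added example: Compare-GraphScopes is a hypothetical helper, not an SDK cmdlet.
# Assumption: the task only needs to read sites, so one read scope is requested.
$requested = @("Sites.Read.All")

# Scopes from this article that allow writing, managing or full control.
$broad = @("Files.ReadWrite", "Files.ReadWrite.All", "Sites.ReadWrite.All",
           "Sites.Manage.All", "Sites.FullControl.All")

function Compare-GraphScopes {
    param(
        [string[]]$Requested,
        [string[]]$Granted,
        [string[]]$Broad
    )
    # Sign-in scopes that are not Graph data permissions are left out of the report.
    $signIn = @("openid", "profile", "email", "offline_access")
    $effective = @($Granted | Where-Object { $_ -notin $signIn })

    [pscustomobject]@{
        Missing   = @($Requested | Where-Object { $_ -notin $effective })
        Extra     = @($effective | Where-Object { $_ -notin $Requested })
        BroadHeld = @($effective | Where-Object { $_ -in $Broad })
    }
}

Connect-MgGraph -Scopes $requested

# Get-MgContext reports what the session actually holds, which can be more
# than what was requested when consent was granted in an earlier sign-in.
$ctx    = Get-MgContext
$report = Compare-GraphScopes -Requested $requested -Granted $ctx.Scopes -Broad $broad

Write-Host "Account:  $($ctx.Account)"
Write-Host "AuthType: $($ctx.AuthType)"
Write-Host "Missing:  $($report.Missing -join ', ')"
Write-Host "Extra:    $($report.Extra -join ', ')"

if ($report.BroadHeld.Count -gt 0) {
    Write-Warning "Session holds write-capable scopes: $($report.BroadHeld -join ', ')"
    # End the session rather than run a read-only task with write access.
    Disconnect-MgGraph | Out-Null
}
```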
So that's it for part 6; we'll see you again in the next part! A little preview: in the next part we'll talk about Microsoft Teams in the Microsoft Graph. See you soon.
I hope this article was useful. Thank you for taking the time to read the article.
Best regards, Tom Wechsler
P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on GitHub! https://github.com/tomwechsler