api management
23 Topics

Install-Module MSOnline - not working
Hi all,

I am struggling to install:

    Install-Module MSOnline

I get:

I have tried:

    Get-PSRepository
    WARNING: Unable to find module repositories.

When I run:

    Register-PSRepository -Default

I get no error, but when trying to run Get-PSRepository again I get:

    WARNING: Unable to find module repositories.

Any ideas on how to fix this?

Solved | 21K Views | 0 likes | 1 Comment

Create meeting Using PowerShell, Graph API and CSV File
I have successfully created the Teams meeting using Graph API and PowerShell. Now I want to import a CSV and want to create a meeting using that CSV file. There are two columns in the CSV: DisplayName and UPN. Can anyone please help me with this?

    Import-Csv -Path "C:\Users\Awais\OneDrive - CS\Desktop\GraphAPI.csv" | foreach {
    $apiUrl = "https://graph.microsoft.com/v1.0/me/events"
    $bodyy = @'
    {
      "subject": "Let's go for lunch",
      "body": {
        "contentType": "HTML",
        "content": "Does noon work for you?"
      },
      "start": {
        "dateTime": $_.StartTime, #Want to use csv data here
        "timeZone": "Pakistan Standard Time"
      },
      "end": {
        "dateTime": $_.EndTime, #Want to use csv data here
        "timeZone": "Pakistan Standard Time"
      },
      "location":{
        "displayName":$_.DisplayName #Want to use csv data here
      },
      "attendees": [
        {
          "emailAddress": {
            "address":$_.UPN, #Want to use csv data here
            "name": "Awais Khalid"
          },
          "type": "required"
        }
      ],
      "allowNewTimeProposals": true,
      "isOnlineMeeting": true,
      "onlineMeetingProvider": "teamsForBusiness"
    }
    '@
    $DataPOST = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $apiUrl -Method POST -Body $bodyy -ContentType 'application/json'}
    }

Solved | 10K Views | 0 likes | 4 Comments

Powershell API rest v1 to v2 with oauth
I recently received notice that v1.0 is going away by Nov 2018 and v2.0 should be used. I have some idea after researching this but need some help. Currently using the below, which I believe is going away.

    $url = "outlook.office365.com/api/v1.0/me/messages"
    $messageQuery = $url + "?`$select=Id,Subject&`$filter=HasAttachments eq true and DateTimeReceived ge " + $date

I understand I have to register my app. I did that under the account that receives the reports and gave permissions for mail.read. I'll probably end up changing the messagequery; if anyone knows the best resource to try to mimic my query in the new version, it would be much appreciated.

I'm reading in other blogs that a user action must take place to receive a token back. All this is a PowerShell script that picks up attachments in emails and downloads them automatically on a daily scheduled run. Is there any resource or example PS scripts somewhere I can read about using simple PowerShell scripts with OAuth 2.0? The idea is that no user action is needed... any additional help would be much appreciated.

5.5K Views | 0 likes | 5 Comments

Part 1 - Manage Azure and Microsoft 365 with the Microsoft Graph PowerShell SDK!
Dear Microsoft Azure and Microsoft 365 Friends,

PowerShell can be used to manage a wide variety of cloud services from Microsoft. This starts with the Azure Active Directory, Teams up to SharePoint Online. So why should I bother with the Microsoft Graph PowerShell SDK? Very briefly, it is the one-stop shop for managing Microsoft cloud services with PowerShell.

What Is the Microsoft Graph PowerShell SDK?
- Application Programming Interface (API) wrapper for the Microsoft Graph APIs
- Contains PowerShell commands for automation at scale
- Allows connecting to single or multiple Microsoft 365 and Azure Active Directory services

Microsoft Graph PowerShell SDK Features:
- Provides access to all the Microsoft Graph APIs
- Supports PowerShell 7 and above and cross-platform
- Support for modern authentication

Microsoft Graph PowerShell SDK supports PowerShell 7 and is Cross-platform:
- Microsoft Graph PowerShell module works with PowerShell 7 and later
- Cross-platform support for Windows, macOS, and Linux
- Compatible with Windows PowerShell 5.1

Microsoft Graph API:
- Published Version (v1.0)
- Beta Version

Let's compare it once the work with PowerShell, once "Normal" and once with the Microsoft Graph. On the left you can see that we need to install the modules for each Microsoft Cloud service. On the right, we install the Microsoft Graph and then we can manage the different services. Do not pay attention to the code, it is not complete. The point of this comparison is that on the left we have to install several modules including the different connections to the cloud services.

Installing the Microsoft Graph PowerShell SDK.

Installation Prerequisites:
- Installed a compatible version of PowerShell
- Execute on a supported operating system, either Windows, macOS, or Linux
- Install the NuGet provider to interact with the PowerShell Gallery
- If using Windows platforms, set the execution policy to remote signed or less restrictive

You can use the following cmdlets to perform the installation (# are comments):

    #Install the NuGet Provider
    Install-PackageProvider -Name NuGet -Force

    #Set the Execution Policy (Windows)
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

    #Install into the Current User Scope
    Install-Module Microsoft.Graph -Scope CurrentUser

or

    #Install into the All-User Scope
    Install-Module Microsoft.Graph -Scope AllUsers -Force -Verbose

    #Verify the Installation
    Get-InstalledModule Microsoft.Graph

    #Updating the Module
    Update-Module Microsoft.Graph

Installing the main "Microsoft.Graph" module will install additional sub modules.

Installation Considerations:
- Always install the "Microsoft.Graph.Authentication" module; this is needed to establish the connection.
- Only install necessary modules if necessary.
- Installing the Microsoft Graph PowerShell SDK in one version of PowerShell does not install it for other

That's it for the first part. In the second part we will talk about the scopes and connect to Microsoft 365.

I hope this article was useful. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

4.9K Views | 1 like | 0 Comments

Part 4 - Manage Azure and Microsoft 365 with the Microsoft Graph PowerShell SDK!
Dear Microsoft Azure and Microsoft 365 Friends,

This article continues with the topic Microsoft Graph PowerShell SDK. Part 1, 2 and 3 can be found here:

https://techcommunity.microsoft.com/t5/windows-powershell/part-1-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3300352
https://techcommunity.microsoft.com/t5/windows-powershell/part-2-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3302366
https://techcommunity.microsoft.com/t5/windows-powershell/part-3-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3339696

This article is about managing users and groups.

How to Connect to Microsoft 365 for User Management?

Remember: Connections to the Microsoft Graph are protected by one or more permission scopes.

Delegated User Permissions:
1. User.ReadBasic.All: Allows reading a basic set of profile properties of other users in the organization on behalf of the signed-in user
2. User.Read.All: Allows reading the full set of profile properties, reports, and managers of other users in the organization, on behalf of the signed-in user
3. User.ReadWrite.All: Allows reading and writing the full set of profile properties, reports, and managers of other users in the organization, on behalf of the signed-in user. Allows creation and deletion of users as well as reset passwords
4. Directory.Read.All: Allows reading of data in the organization's directory, such as users, groups and apps
5. Directory.ReadWrite.All: Allows reading and writing data in the organization's directory, such as users, and groups
6. Directory.AccessAsUser.All: Allows the app or code to have the same access to data in the directory as the signed-in user

Connect for User Management:

    #If needed
    Import-Module Microsoft.Graph

    #Set the API to the 'beta' endpoint
    Select-MgProfile -Name "beta"

    #Read Only Connection
    $scopes = @(
        "User.ReadBasic.All"
        "User.Read.All"
        "Directory.Read.All"
    )
    Connect-MgGraph -Scopes $scopes

    #Read and Write Connection
    $scopes = @(
        "User.ReadWrite.All"
        "Directory.ReadWrite.All"
    )
    Connect-MgGraph -Scopes $scopes

    #Check the permissions
    Get-MgContext | select -ExpandProperty scopes

Creating, Updating, and Deleting Users

Basic User Management Commands:
- Get-MgUser
- Remove-MgUser
- New-MgUser
- Update-MgUser

Retrieving User Accounts:

    #Retrieve All Users
    Get-MgUser | Format-List ID, DisplayName, Mail, UserPrincipalName

    #Retrieve Specific User by ID
    Get-MgUser -UserId 'f9c720a4-c7f1-4b00-b419-ff2c806e0ddf' | Format-List ID, DisplayName, Mail, UserPrincipalName

    #Create a New User Account
    $password = @{
        Password= 'P@ssw0rd4625???'
    }
    New-MgUser -DisplayName 'Timo Jones' -PasswordProfile $password -AccountEnabled -MailNickName 'timojones' -UserPrincipalName 'timo.jones@tomrocks.ch'

Updating User Accounts:

    #Update User Using ID
    Update-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df' -DisplayName 'Timo R Jones'

    #Did it work
    Get-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df'

    #Retrieve User Using Filtering, Then Update
    $user = Get-MgUser -ConsistencyLevel eventual -Filter "startsWith(UserPrincipalName, 'timo.jones@tomrocks.ch')"
    Update-MgUser -UserId $user.Id -DisplayName 'Timo Jones'

    #Did it work
    Get-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df'

Deleting User Accounts:

    #Remove User by ID
    Remove-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df'

    #Remove User by ID with Confirmation
    Remove-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df' -Confirm

    #Retrieve User Using Filtering, Then Delete
    $user = Get-MgUser -ConsistencyLevel eventual -Filter "startsWith(UserPrincipalName, 'timo.jones@tomrocks.ch')"
    Remove-MgUser -UserId $user.Id -Confirm

    #Did it work
    Get-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df'

How to Connect to Microsoft 365 for Group Management?

Delegated Group Permissions:
1. Group.Read.All: Allows listing groups, and reading properties and all group memberships on behalf of the signed-in user
2. Group.ReadWrite.All: Allows creation of groups and reading of all group properties and memberships on behalf of the signed-in user
3. GroupMember.Read.All: Allows listing of groups, reading basic group properties and reading memberships of all groups the signed-in user has access to
4. GroupMember.ReadWrite.All: Allows listing of groups, reading basic properties, reading and updating the membership of the groups the signed-in user has access to

Connect for Group Management:

    #Read Only Connection
    $scopes = @("Group.Read.All")
    Connect-MgGraph -Scopes $scopes

    #Read and Write Connection
    $scopes = @("Group.ReadWrite.All")
    Connect-MgGraph -Scopes $scopes

    #Read and Write Connection Including Group Memberships
    $scopes = @(
        "Group.ReadWrite.All"
        "GroupMember.ReadWrite.All"
    )
    Connect-MgGraph -Scopes $scopes

    #Check the permissions
    Get-MgContext | select -ExpandProperty scopes

Creating, Updating, and Deleting Groups

Basic Group Management Commands:
- Get-MgGroup
- Remove-MgGroup
- New-MgGroup
- Update-MgGroup

Retrieving Groups:

    #Retrieve All Groups
    Get-MgGroup | Format-List ID, DisplayName, Description, GroupTypes

    #Retrieve Specific Group by ID
    Get-MgGroup -GroupId '12eda8b0-695b-4f57-a7b3-245b2a6552c9' | Format-List ID, DisplayName, Description, GroupTypes

    #Retrieve Groups by Filtering
    Get-MgGroup -ConsistencyLevel eventual -Filter "startsWith(DisplayName, 'Technik')"

Creating Groups:

    #Create a New Group
    New-MgGroup -DisplayName 'MSGraph' -MailEnabled:$False -MailNickName 'MSGraph' -SecurityEnabled

Updating Groups:

    #Update Group Using ID
    $properties = @{
        "Description" = "New MS Graph Group"
        "DisplayName" = "New MS Graph Group Description"
    }
    Update-MgGroup -GroupId 'b2af405b-1c46-46c2-be8e-5288bc9c7dc6' -BodyParameter $properties

    #Did it work?
    Get-MgGroup -GroupId 'b2af405b-1c46-46c2-be8e-5288bc9c7dc6'

Deleting Groups:

    #Remove Group by ID
    Remove-MgGroup -GroupId 'b2af405b-1c46-46c2-be8e-5288bc9c7dc6'

    #Remove Group by ID with Confirmation
    Remove-MgGroup -GroupId 'b2af405b-1c46-46c2-be8e-5288bc9c7dc6' -Confirm

    #Retrieve Group Using Filtering, Then Delete
    $group = Get-MgGroup -ConsistencyLevel eventual -Filter "startsWith(DisplayName, 'New MS Graph Group Description')"
    Remove-MgGroup -GroupId $group.Id -Confirm

    #Did it work?
    Get-MgGroup -GroupId 'b2af405b-1c46-46c2-be8e-5288bc9c7dc6'

Modify Group Membership:

    #Add a Group Member
    $user = Get-MgUser -ConsistencyLevel eventual -Search '"DisplayName:Timo Meyer"'
    $group = Get-MgGroup -GroupId 'be278623-1c0b-4c18-bb97-c617463ca920'
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id

    #Did it work?
    Get-MgGroupMember -GroupId $group.Id

So that's it again for part 4, we'll see you again in the next part! A little preview, in the next part we'll talk about Exchange Online in the Microsoft Graph. See you soon.

I hope this article was useful. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

3.6K Views | 0 likes | 0 Comments

Part 2 - Manage Azure and Microsoft 365 with the Microsoft Graph PowerShell SDK!
Dear Microsoft Azure and Microsoft 365 Friends,

This article continues with the topic Microsoft Graph PowerShell SDK. You can find the first part here:

https://techcommunity.microsoft.com/t5/windows-powershell/part-1-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3300352

Understand Naming Conventions:
- GET – Retrieve single or multiple objects
- POST – Add single or multiple objects
- PUT – Add single or multiple objects
- PATCH – Update single or multiple objects
- DELETE – Remove single or multiple objects

Graph API versus Graph PowerShell:

Finding Available cmdlets:

    Import-Module Microsoft.Graph
    Get-Command -Module Microsoft.Graph*
    Get-Command -Module Microsoft.Graph* *Team*
    Get-Command -Module Microsoft.Graph* *User*
    Get-Command -Module Microsoft.Graph* -Noun *Group*
    Get-Command -Module Microsoft.Graph.Authentication

Important! By default, the Microsoft Graph PowerShell SDK uses the Microsoft Graph REST API v1.0. It can generate errors when trying to execute commands. The resolution is to change the version.

Getting Help for a cmdlet:

    Get-Help Get-MgUser
    Get-Help Get-MgUser -Category Cmdlet
    Get-Help Get-MgUser -Category Function
    Get-Help Get-MgUser -Detailed
    Get-Help Get-MgUser -Full
    Get-Help Get-MgUser -ShowWindow

Set the API Version:

    #View the current API endpoint version
    Get-MgProfile

    #Set the API to the 'beta' endpoint
    Select-MgProfile -Name "beta"

    #Set the API to the 'v1.0' endpoint
    Select-MgProfile -Name "v1.0"

What Are Scopes?
- Scopes are Microsoft Graph Permissions
- Scopes must be comma separated
- Scopes use a specific format:
  - Object > Permission > Filter
  - User > Read > All

Microsoft Graph Permissions:
- Delegated Permissions (Used for applications needing to access the API as the signed-in user)
- Application Permissions (Used for applications that run as a background service or daemon without a signed-in user)

Microsoft Graph Permissions Examples:
- User.Read: Allows users to sign-in to the app and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
- User.ReadBasic.All: Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address and photo.
- User.ReadWrite: Allows the app to read your profile. It also allows the app to update your profile information on your behalf.
- User.ReadWrite.All: Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.

Connect to Microsoft 365 using Scopes:

    #Scopes to Manage Users and Groups with Full Read Write Access
    $scopes = @(
        "User.ReadWrite.All"
        "Directory.ReadWrite.All"
        "Group.ReadWrite.All"
    )

    #Scopes to Create Teams
    $scopes = @(
        "Team.Create"
        "Group.ReadWrite.All"
    )

    #Scopes to Manage SharePoint Online Sites and Files
    $scopes = @(
        "Sites.FullControl.All"
        "Sites.Manage.All"
        "Sites.ReadWrite.All"
        "Files.ReadWrite.All"
        "Files.ReadWrite.AppFolder"
    )

    #Scopes to Manage Mail
    $scopes = @(
        "Mail.ReadWrite"
        "Mail.ReadWrite.Shared"
        "Mail.Send"
    )

Finding Available Permissions:

    #SharePoint Sites
    Find-MgGraphPermission sites -PermissionType Delegated

    #Microsoft Teams
    Find-MgGraphPermission teams -PermissionType Delegated

    #Users
    Find-MgGraphPermission user -PermissionType Delegated

    #eDiscovery
    Find-MgGraphPermission ediscovery -PermissionType Delegated

Connect to Microsoft 365

    #Connect Using the Standard Command and Scopes
    $scopes = @(
        "User.ReadWrite.All"
        "Directory.Read.All"
        "Group.Read.All"
    )
    Connect-MgGraph -Scopes $scopes

When establishing a connection, the additional consent must be confirmed after logging in.

    #Connect Using an Azure App Registration
    Connect-MgGraph -ClientId <your ClientId> -TenantId <your TenantId> -CertificateThumbprint <your CertificateThumbprint>

So that was it for the second part. In the next part you will learn how to customize an existing connection and more....!

I hope this article was useful. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

3.3K Views | 2 likes | 0 Comments

Part 5 - Manage Azure and Microsoft 365 with the Microsoft Graph PowerShell SDK!
Dear Microsoft Azure and Microsoft 365 Friends,

This article continues with the topic Microsoft Graph PowerShell SDK. Part 1 to 4 can be found here:

https://techcommunity.microsoft.com/t5/windows-powershell/part-1-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3300352
https://techcommunity.microsoft.com/t5/windows-powershell/part-2-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3302366
https://techcommunity.microsoft.com/t5/windows-powershell/part-3-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3339696
https://techcommunity.microsoft.com/t5/windows-powershell/part-4-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3409310

This article is about connecting to Exchange Online.

Remember: Connections to the Microsoft Graph are protected by one or more permission scopes.

Service Scopes:
- Exchange Online (Focus in this article): Mail and Calendar
- SharePoint Online: Files and Sites
- Microsoft Teams: Teams, Channels, Chats and Members

Mail Delegated Permissions:
- Mail.Read: Allows reading mail in user mailboxes
- Mail.ReadBasic: Allows reading mail in the signed-in user's mailbox, except for body, bodyPreview, uniqueBody, attachments, extensions, and any extended properties
- Mail.ReadWrite: Allows creating, reading, updating, and deleting mail in user mailboxes
- Mail.Read.Shared: Allows reading mail that the user can access, including the user's own and shared mail
- Mail.ReadWrite.Shared: Allows creating, reading, updating, and deleting mail that the user has permission to access, including the user's own and shared mail
- Mail.Send: Allows sending mail as users in the organization
- Mail.Send.Shared: Allows sending mail as the signed-in user, including sending on-behalf of others
- MailboxSettings.Read: Allows reading user's mailbox settings
- MailboxSettings.ReadWrite: Allows creating, reading, updating, and deleting user's mailbox settings
- IMAP.AccessAsUser.All: Allows reading, updating, creating and deleting mail in user mailboxes
- POP.AccessAsUser.All: Allows reading, updating, creating and deleting mail in user mailboxes
- SMTP.Send: Allows sending mail as users in the organization

Mail Application Permissions:
- Mail.Read: Allows reading mail in all mailboxes without a signed-in user
- Mail.ReadBasic.All: Allows reading all users mailboxes except Body, BodyPreview, UniqueBody, Attachments, ExtendedProperties, and Extensions
- Mail.ReadWrite: Allows creating, reading, updating, and deleting mail in all mailboxes without a signed-in user
- Mail.Send: Allows sending mail as any user without a signed-in user
- MailboxSettings.Read: Allows reading user's mailbox settings without a signed-in user
- MailboxSettings.ReadWrite: Allows creating, reading, updating, and deleting user's mailbox settings without a signed-in user

Calendar Delegated Permissions:
- Calendars.Read: Allows reading events in user calendars
- Calendars.Read.Shared: Allows reading events in all calendars that the user can access, including delegate and shared calendars
- Calendars.ReadWrite: Allows creating, reading, updating, and deleting events in user calendars
- Calendars.ReadWrite.Shared: Allows creating, reading, updating, and deleting events in all calendars the user has permissions to access

Calendar Application Permissions:
- Calendars.Read: Allows reading events of all calendars without a signed-in user
- Calendars.ReadWrite: Allows creating, reading, updating, and deleting events of all calendars without a signed-in user

Connecting to Exchange Online:

    Set-Location C:\
    Clear-Host

    #If needed
    Import-Module Microsoft.Graph

    #Set the API to the 'beta' endpoint
    Select-MgProfile -Name "beta"

    #We check the profile
    Get-MgProfile

    #Connection for Creating, Reading, Updating, and Deleting Mail
    $scopes = @("Mail.ReadWrite")
    Connect-MgGraph -Scopes $scopes

    #We search for my UserID
    Get-MgUser

    #An example
    $User = Get-MgUser -UserId "ab8637c3-39ba-47f3-ad53-7fcd9a3f49a6"
    $mailfolders = Get-MgUserMailFolder -UserId $User.Id -All
    $mailfolders

    #Connection for Sending Mail as Users in the Organization
    $scopes = @("SMTP.Send")
    Connect-MgGraph -Scopes $scopes

    #Connection for Creating, Reading, Updating, and Deleting Events in User Calendars
    $scopes = @("Calendars.ReadWrite")
    Connect-MgGraph -Scopes $scopes

    #An example
    $User = Get-MgUser -UserId "ab8637c3-39ba-47f3-ad53-7fcd9a3f49a6"
    $calendar = Get-MgUserCalendar -UserId $User.Id -All
    $calendar

    #Core Connection for Managing Mail and Calendar
    $scopes = @("Mail.ReadWrite","Calendars.ReadWrite")
    Connect-MgGraph -Scopes $scopes

So that's it again for part 5, we'll see you again in the next part! A little preview, in the next part we'll talk about SharePoint Online and Microsoft Teams in the Microsoft Graph. See you soon.

I hope this article was useful. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

2.4K Views | 1 like | 2 Comments

Part 3 - Manage Azure and Microsoft 365 with the Microsoft Graph PowerShell SDK!
Dear Microsoft Azure and Microsoft 365 Friends,

This article continues with the topic Microsoft Graph PowerShell SDK. Part 1 and 2 can be found here:

https://techcommunity.microsoft.com/t5/windows-powershell/part-1-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3300352
https://techcommunity.microsoft.com/t5/windows-powershell/part-2-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3302366

How to Connect to Microsoft 365?
1. With direct Command or
2. Azure App Registration

Modifying an Existing Connection:
- Scopes are required for each connection
- Scope permissions are for the current session (unless using an Azure App Registration)
- Extra needed permissions require re-connecting with the specified scopes

Viewing Existing Connection Details:

    #If needed
    Import-Module Microsoft.Graph

    #Connect to Microsoft 365 to Access Users and Groups
    Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"

    #View Current Connection Details
    Get-MgContext
    (Get-MgContext).AuthType
    (Get-MgContext).Scopes

Reconnect Connection with Updated Scopes:

    #Original Connection
    Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"

    #Update Connection to Allow "Group Members"
    Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All","GroupMember.ReadWrite.All"

Don't forget, when updating the connection, you need to confirm the consent again.

    #View the new Current Connection Details
    Get-MgContext
    (Get-MgContext).AuthType
    (Get-MgContext).Scopes

Connecting Using an Azure App Registration (Advantages of Azure App Registrations):
- App-only Access Grants Permissions to an Application
- Requires Administration Consent
- Predefined Permissions Control Access

Prerequisites to Using App-only Authentication:
- Require a Certificate
  - Self-signed or from an Authority
- Register an Azure Active Directory App
- Assign Required Permissions Scopes
- Share the Public Key of the Certificate

Creating a Self-signed Certificate:

    #Create the Certificate
    $cert = New-SelfSignedCertificate -Subject "CN={GraphCertificate}" -CertStoreLocation "Cert:\CurrentUser\My" `
        -KeyExportPolicy Exportable -KeySpec Signature `
        -KeyLength 4096 -KeyAlgorithm RSA -HashAlgorithm SHA256

    #Export the Created Certificate
    Export-Certificate -Cert $cert -FilePath "C:\Certs\{GraphCertificate}.cer"

    #Set the Password and Export as "PFX"
    #($pwd is an automatic variable in PowerShell, so a different name is used here)
    $pfxPassword = ConvertTo-SecureString -String "{Password}" -Force -AsPlainText
    Export-PfxCertificate `
        -Cert $cert -FilePath "C:\Certs\{GraphCertificate}.pfx" -Password $pfxPassword

Create the Azure App Registration:
1. Navigate to the Azure Active Directory Admin Center
2. Register a New Application using Accounts in the Organizational Directory Only
3. Copy the Application and Directory ID
4. Assign API Permissions
5. Upload the Certificate

Connect Using Azure App Registration:

    #Connect Using an Azure App Registration
    Connect-MgGraph `
        -ClientId "YOUR CLIENT ID" `
        -TenantId "YOUR TENANT ID" `
        -CertificateThumbprint "YOUR CERT THUMBPRINT"

    #Check the Current Context
    Get-MgContext

That's it for the third part. In the next part, we will continue with managing Users and Groups. See you soon!

I hope this article was useful. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

2.2K Views | 0 likes | 0 Comments
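
A least-privilege check for the connection details that Part 3 views with (Get-MgContext).Scopes, as an added example that is not from the original posts: it compares the scopes a task needs with the scopes the session holds and reports what is missing and what is surplus, listing write-capable surplus separately. The function name Compare-GraphScope, its parameters, the write-marker list and the sample scope lists are assumptions made for illustration; matching is by exact scope name only.

```powershell
# Added example (not from the original posts). The function name, parameters,
# marker list and sample data are assumptions made for illustration.
function Compare-GraphScope {
    [CmdletBinding()]
    param(
        # Scopes the task needs, i.e. what is passed to Connect-MgGraph -Scopes
        [Parameter(Mandatory)]
        [string[]] $Required,

        # Scopes the session holds, e.g. (Get-MgContext).Scopes
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [string[]] $Granted
    )

    # Sign-in scopes that can appear in the context but are not Graph data permissions
    $signInScopes = 'openid', 'profile', 'email', 'offline_access'

    # Name segments that indicate more than read access, taken from scope names
    # used on this page (User.ReadWrite.All, Sites.FullControl.All, Mail.Send, ...)
    $writeMarkers = 'ReadWrite', 'FullControl', 'Manage', 'Send', 'Create', 'AccessAsUser'

    # Normalise both lists: trim, drop blanks and sign-in scopes, de-duplicate
    $need = @($Required | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique)
    $have = @($Granted | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -notin $signInScopes } | Sort-Object -Unique)

    # Exact-name comparison (case-insensitive, as -in / -notin are)
    $missing = @($need | Where-Object { $_ -notin $have })
    $excess  = @($have | Where-Object { $_ -notin $need })

    # Surplus scopes whose dot-separated name contains a write marker
    $excessWrite = @($excess | Where-Object {
        $segments = $_ -split '\.'
        @($segments | Where-Object { $_ -in $writeMarkers }).Count -gt 0
    })

    [pscustomobject]@{
        Missing     = $missing
        Excess      = $excess
        ExcessWrite = $excessWrite
        Compliant   = ($missing.Count -eq 0) -and ($excess.Count -eq 0)
    }
}

# Constructed sample: a read-only user-management task checked against a
# session whose scope list also contains write and mail scopes.
$required = 'User.ReadBasic.All', 'User.Read.All', 'Directory.Read.All'
$granted  = 'openid', 'profile', 'offline_access', 'User.Read',
            'User.ReadBasic.All', 'User.Read.All', 'Directory.Read.All',
            'User.ReadWrite.All', 'Directory.ReadWrite.All', 'Mail.Send'

$report = Compare-GraphScope -Required $required -Granted $granted
$report | Format-List

# Against a live session:
#   Compare-GraphScope -Required $required -Granted (Get-MgContext).Scopes
if ($report.ExcessWrite.Count -gt 0) {
    Write-Warning ("Session holds write scopes the task does not need: " +
        ($report.ExcessWrite -join ', '))
}
```

Running the check right after Connect-MgGraph and before any Remove-* or Update-* cmdlet shows whether the session holds more than the script needs.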