Sign in Subscribe
By Jorge Suarez —

Top 20 Microsoft Graph API Cmdlets: Supercharge Your Productivity with PowerShell

Microsoft Graph API is a powerful resource that allows developers and IT professionals to interact with various Microsoft 365 services programmatically. With the help of PowerShell and the Microsoft.Graph module, managing and automating tasks across different Microsoft 365 services becomes seamless and efficient. In this blog post, we will explore the top 20 Graph API cmdlets that can supercharge your productivity, streamline workflows, and make your Microsoft 365 administration a breeze.

💡
Note: You will need the Microsoft.Graph Powershell module installed to run these commands, as well as an Microsoft Intune tenant (duh).

Some of these cmdlets may not return the expected data if you do not have the sufficient read or write privileges in your respective tenant.

Connect-MgGraph:

This cmdlet establishes a connection to the Microsoft Graph API by using device authentication, enabling you to interact with various Microsoft 365 services securely.

# Authenticate (Prerequisite)

# Connect to the Microsoft Graph API using device authentication
Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All" -UseDeviceAuthentication

Get-MgContext

Retrieves the details about your current Microsoft Graph API session.

# Fetch Session details
Get-MgContext

Find-MgGraphCommand

Allows you to discover which API path a command calls, by providing a URI or a command name.

# Pass a command and get the URI it calls
Find-MgGraphCommand -Command 'Get-MgUser'

Get-MgUser

Fetches a list of users in your organization, allowing you to view essential user details like Display Name, UserPrincipalName, and more.

# Fetch and list users
$users = Get-MgUser
$users | Select-Object DisplayName, UserPrincipalName, Id

Get-MgUserMemberOf

Retrieves all groups where a user or group is a member.

# Get an existing user
$user = Get-MgUser -Filter "UserPrincipalName eq 'jorge@jorgeasaur.us'"

# Fetch group memberships
Get-MgUserMemberOf -UserId $user.id

Get-MgGroup

Retrieves a list of groups from Azure Active Directory, providing information such as group names, descriptions, and membership details.

# Fetch and list groups
$groups = Get-MgGroup
$groups | Select-Object DisplayName, Description, Mail, GroupTypes

Get-MgDevice

Enables you to list devices registered in your organization, including details like device type, manufacturer, and model.

# Fetch and list devices
$devices = Get-MgDevice
$devices | Select-Object DisplayName,OperatingSystem,OperatingSystemVersion,Id

Get-MgDeviceAppManagementMobileApp

Fetches a list of mobile apps in your Microsoft 365 tenant, showcasing app details like Display Name, Description, and Publisher.

# Fetch and list applications
$apps = Get-MgDeviceAppManagementMobileApp
$apps | Select-Object DisplayName, Description, Publisher, Id

New-MgUser

Allows you to create a new user in your Azure Active Directory with customized properties like Display Name, UserPrincipalName, and PasswordProfile.

# Define user properties
$newUser = @{
    AccountEnabled    = $true
    DisplayName       = "John Doe"
    MailNickname      = "john.doe"
    UserPrincipalName = "john.doe@jorgeasaur.us"
    PasswordProfile   = @{
        ForceChangePasswordNextSignIn = $true
        Password = "P@ssw0rd123!"
    }
}

# Create the user
New-MgUser -BodyParameter $newUser

Update-MgUser

Updates user properties, giving you the flexibility to modify existing user accounts with ease.

# Get an existing user
$user = Get-MgUser -Filter "UserPrincipalName eq 'jorge@jorgeasaur.us'"

# Update user properties
Update-MgUser -UserId $user.id -DisplayName 'Jorge Suarez'

Remove-MgUser

Deletes a user from your Azure Active Directory, providing an efficient way to manage user accounts.

# Get an existing user
$user = Get-MgUser -Filter "UserPrincipalName eq 'john.doe@jorgeasaur.us'"

# Remove the user
Remove-MgUser -Id $user.Id

New-MgGroup

Enables you to create a new group in Azure Active Directory, streamlining group management in your organization.

# Define group properties
$newGroup = @{
    DisplayName = "New Group"
    Description = "This is a new group."
    MailEnabled = $false
    MailNickname = "newgroup"
    SecurityEnabled = $true
}

# Create the group
New-MgGroup -BodyParameter $newGroup

New-MgGroupMember

Adds members to a specific group, making it simple to manage group memberships programmatically.

# Get an existing group
$group = Get-MgGroup -Filter "DisplayName eq 'New Group'"

# Get an existing user
$user = Get-MgUser -Filter "UserPrincipalName eq 'jorge@jorgeasaur.us'"

# Add the user as a member to the group
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id

Get-MgGroupMember

Fetches the members of a group, allowing you to review group memberships easily.

# Get an existing group
$group = Get-MgGroup -Filter "DisplayName eq 'New Group'"

# Get group members
$members = Get-MgGroupMember -GroupId $group.Id
$members | Select-Object Id

Get-MgGroupOwner

Retrieves the owners of a group, providing valuable insights into group management.

# Get an existing group
$group = Get-MgGroup -Filter "DisplayName eq 'New Group'"

# Get group owners
$owners = Get-MgGroupOwner -GroupId $group.Id
$owners | Select-Object Id

Update-MgDevice

Updates device properties, providing a convenient way to modify existing device attributes.

# Get an existing device
$device = Get-MgDevice -Filter "DisplayName eq 'New Device'"

# Update device properties
$params = @{
	accountEnabled = $false
}

Update-MgDevice -DeviceId $device.Id -BodyParameter $params

Get-MgDeviceManagementDeviceConfiguration

Fetches a list of device configuration policies, aiding in the management of device settings across your organization.

# Fetch and list device configuration policies
$policies = Get-MgDeviceManagementDeviceConfiguration
$policies | Select-Object DisplayName, Description

Get-MgDeviceAppManagementMobileAppAssignment

Fetches assignments for a mobile app, along with the install intent for the app.

# Get an existing mobile app
$app = Get-MgDeviceAppManagementMobileApp `
	-Filter "DisplayName eq 'Box'"

# Return the app assignment(s)
Get-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id

Get-MgMailMessage

Retrieves email messages from a user's mailbox, enabling email data processing and analysis.

# Get an existing user
$user = Get-MgUser -Filter "UserPrincipalName eq 'john.doe@jorgeasaur.us'"

# Fetch email messages from a user's mailbox
$mailMessages = Get-MgUserMessage -UserId $user.id -Top 5
$mailMessages | Select-Object Subject, From, ReceivedDateTime

Get-MgUserEvent

Fetches user events from their calendar, providing insights into scheduling and appointments.

# Get an existing user
$user = Get-MgUser -Filter "UserPrincipalName eq 'john.doe@jorgeasaur.us'"

# Get user events from their calendar
$events = Get-MgUserEvent -UserId $user.id -Top 5
$events | Select-Object Subject, Start, End

In this blog post, we have covered the top 20 Graph API cmdlets that can supercharge your productivity and make your Microsoft 365 administration tasks more efficient. These cmdlets, when used in conjunction with PowerShell and the Microsoft.Graph module, provide powerful tools to interact with Microsoft 365 services programmatically. Whether it's managing users, devices, apps, or groups, PowerShell and Graph API offer a seamless and robust way to automate and streamline your workflows. Embrace these cmdlets to enhance your productivity and elevate your Microsoft 365 management to the next level.

I hope this helps.

 > Jorgeasaurus

Subscribe to > Jorgeasaurus

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe