Skip to content

Latest commit

 

History

History

user-auth

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
GraphTutorial.ps1
GraphTutorial.ps1
 
 
README.md
README.md
 
 
RegisterAppForUserAuth.ps1
RegisterAppForUserAuth.ps1
 
 
settings.example.json
settings.example.json
 
 
version
version
 
 

README.md

How to run the completed project

Prerequisites

To run the script in this folder, you need the following:

  • The Microsoft Graph PowerShell SDK installed on your development machine. (Note: This tutorial was written with PowerShell 7.2.2 and Microsoft Graph PowerShell SDK version 1.9.5. The steps in this guide may work with other versions, but that has not been tested.)
  • Either a personal Microsoft account with a mailbox on Outlook.com, or a Microsoft work or school account. If you don't have a Microsoft account, there are a couple of options to get a free account:

Register an application

You can register an application using the Azure Active Directory admin center, or by using the Microsoft Graph PowerShell SDK.

Azure Active Directory admin center

  1. Open a browser and navigate to the Azure Active Directory admin center and login using a personal account (aka: Microsoft Account) or Work or School Account.

  2. Select Azure Active Directory in the left-hand navigation, then select App registrations under Manage.

  3. Select New registration. Enter a name for your application, for example, PowerShell Graph Tutorial.

  4. Set Supported account types as desired. The options are:

    Option Who can sign in?
    Accounts in this organizational directory only Only users in your Microsoft 365 organization
    Accounts in any organizational directory Users in any Microsoft 365 organization (work or school accounts)
    Accounts in any organizational directory ... and personal Microsoft accounts Users in any Microsoft 365 organization (work or school accounts) and personal Microsoft accounts

  5. Leave Redirect URI empty.

  6. Select Register. On the application's Overview page, copy the value of the Application (client) ID and save it, you will need it in the next step. If you chose Accounts in this organizational directory only for Supported account types, also copy the Directory (tenant) ID and save it.

  7. Select Authentication under Manage. Locate the Advanced settings section and change the Allow public client flows toggle to Yes, then choose Save.

PowerShell

  1. Open PowerShell and run the RegisterAppForUserAuth.ps1 file with the following command, replacing <audience-value> with the desired value (see table below).

    Note: The RegisterAppForUserAuth.ps1 script requires a work/school account with the Application administrator, Cloud application administrator, or Global administrator role.

    .\RegisterAppForUserAuth.ps1 -AppName "PowerShell Graph Tutorial" -SignInAudience <audience-value>
    SignInAudience value Who can sign in?
    AzureADMyOrg Only users in your Microsoft 365 organization
    AzureADMultipleOrgs Users in any Microsoft 365 organization (work or school accounts)
    AzureADandPersonalMicrosoftAccount Users in any Microsoft 365 organization (work or school accounts) and personal Microsoft accounts
    PersonalMicrosoftAccount Only personal Microsoft accounts

  2. Copy the Client ID and Auth tenant values from the script output. You will need these values in the next step.

    SUCCESS
Client ID: 2fb1652f-a9a0-4db9-b220-b224b8d9d38b
Auth tenant: common

Configure the sample

  1. Open settings.json and update the values according to the following table.

    Setting Value
    clientId The client ID of your app registration
    tenantId If you chose the option to only allow users in your organization to sign in, change this value to your tenant ID. Otherwise leave as common.

Run the sample

In PowerShell, navigate to the project directory and run the following command.

./GraphTutorial.ps1

Note: The scripts included in this sample are not digitally signed. Attempting to run them may result in the following error:

.\GraphTutorial.ps1: File C:\Source\GraphTutorial.ps1 cannot be loaded. The file C:\Source\GraphTutorial.ps1 is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https://go.microsoft.com/fwlink/?LinkID=135170.

If you get this error, use the following commands to unblock the file and temporarily allow unsigned scripts in the current PowerShell session. This will not change the default execution policy, the setting is only effective in the current session.

Unblock-File .\GraphTutorial.ps1
Set-ExecutionPolicy Unrestricted -Scope Process