Microsoft Graph API test script for M365 Services


Here’s an easy snippet for doing some basic testing of M365 services via Microsoft Graph. Don’t forget that your app registration permissions must be correct before you will find any success with this test.


# Begin Example
##########################################################
# These will need to be changed based on Tenant (Commercial, GCC HIGH, DOD)
# https://docs.microsoft.com/en-us/graph/deployments#microsoft-graph-and-graph-explorer-service-root-endpoints
########################################################## 

$TenantName = '<tenantname>.onmicrosoft.com'
$Username = '<username>@<tenant>.onmicrosoft.com'
$Password = '<password>'
$ClientID = '<ClientID>'  # Application (app registration) ID
$ClientSecret = '<ClientSecret>'

$ApiURL = 'https://graph.microsoft.com'
$GraphScope = 'https://graph.microsoft.com/.default'
$LoginURL = 'https://login.microsoftonline.com'
  
#########################################################  


$ReqTokenBody = @{
  Grant_Type    = 'password'
  Scope         = $GraphScope
  client_Id     = $ClientID
  Client_Secret = $ClientSecret
  Password      = $Password
  Username      = $Username
}   

# Obtain auth token
# access_token can be inspected at: https://jwt.ms/
$TokenResponse = Invoke-RestMethod -Uri "$LoginURL/$TenantName/oauth2/v2.0/token" -Method POST -Body $ReqTokenBody  

$Headers = @{"Authorization"= "Bearer $($TokenResponse.access_token)"; "Content-Type"="application/json"};

# UNcomment appropriate $URL assignement below as needed for testing

# Teams Discovery
#$URL = "$($ApiURL)/v1.0/me/joinedTeams"

# OneDrive
#$URL = "$($ApiURL)/v1.0/me/drive/root/"

# License SKUs
#$URL = "$($ApiURL)/v1.0/subscribedSkus"

# Service Health
$URL = "$($ApiURL)/v1.0/admin/serviceAnnouncement/healthOverviews"


# Retrieve data object from Graph
$Result = Invoke-RestMethod -Method GET -Headers $Headers -Uri $URL -ErrorAction Stop 

If ($Result.value) {
  $Result.value
}
Else {
  $Result
}

############################################################ 
# End Example


App Registration Permission

App registration permissions shown below at the time of this writing.
NOTE:  Message Center Reader role is required as noted here.



Examples

Service Health Announcements


OneDrive


Teams


Auth Token Inspection


https://jwt.ms/

Above you can see the scope of the token in the “scp” value.

Leave a Reply

Your email address will not be published. Required fields are marked *