Here’s an easy snippet for doing some basic testing of M365 services via Microsoft Graph. Don’t forget that your app registration permissions must be correct before you will find any success with this test.
# Begin Example
##########################################################
# These will need to be changed based on Tenant (Commercial, GCC HIGH, DOD)
# https://docs.microsoft.com/en-us/graph/deployments#microsoft-graph-and-graph-explorer-service-root-endpoints
##########################################################
$TenantName = '<tenantname>.onmicrosoft.com'
$Username = '<username>@<tenant>.onmicrosoft.com'
$Password = '<password>'
$ClientID = '<ClientID>' # Application (app registration) ID
$ClientSecret = '<ClientSecret>'
$ApiURL = 'https://graph.microsoft.com'
$GraphScope = 'https://graph.microsoft.com/.default'
$LoginURL = 'https://login.microsoftonline.com'
#########################################################
$ReqTokenBody = @{
Grant_Type = 'password'
Scope = $GraphScope
client_Id = $ClientID
Client_Secret = $ClientSecret
Password = $Password
Username = $Username
}
# Obtain auth token
# access_token can be inspected at: https://jwt.ms/
$TokenResponse = Invoke-RestMethod -Uri "$LoginURL/$TenantName/oauth2/v2.0/token" -Method POST -Body $ReqTokenBody
$Headers = @{"Authorization"= "Bearer $($TokenResponse.access_token)"; "Content-Type"="application/json"};
# UNcomment appropriate $URL assignement below as needed for testing
# Teams Discovery
#$URL = "$($ApiURL)/v1.0/me/joinedTeams"
# OneDrive
#$URL = "$($ApiURL)/v1.0/me/drive/root/"
# License SKUs
#$URL = "$($ApiURL)/v1.0/subscribedSkus"
# Service Health
$URL = "$($ApiURL)/v1.0/admin/serviceAnnouncement/healthOverviews"
# Retrieve data object from Graph
$Result = Invoke-RestMethod -Method GET -Headers $Headers -Uri $URL -ErrorAction Stop
If ($Result.value) {
$Result.value
}
Else {
$Result
}
############################################################
# End Example
App Registration Permission
App registration permissions shown below at the time of this writing.
NOTE: Message Center Reader role is required as noted here.
Examples
Service Health Announcements
OneDrive
Teams
Auth Token Inspection
Above you can see the scope of the token in the “scp” value.