In the previous article, we registered the application and selected permissions that require administrator consent.
To grant admin consent, click Grant admin consent for <tenant name>.

Log in as a Global Administrator to provide the admin consent.

Click Accept, which grants admin consent to the application on behalf of the tenant's users.

You can now see that admin consent has been granted for the domain name Windowstechpro.com.

Admin consent has now been granted for the registered application. It is time to create a client secret to connect to the Graph API.

Enter a description and select the expiration of the client secret.
Click Add.

The client secret has now been generated. Copy the secret.

We have completed all the required actions. We now have the Client ID, Tenant ID and client secret needed to connect to Graph from code.
Let's now connect to the tenant to get the user information.

```powershell
# Azure AD OAuth Application Token for Graph API
# Get OAuth token for an AAD Application (returned as $token)

# Application (client) ID, tenant ID and secret
# (placeholders: replace with your own values and keep the real secret out of saved scripts)
$clientId     = "Client ID"
$tenantId     = "Tenant ID"
$clientSecret = 'Client Secret'

# Construct URI
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"

# Construct Body
$body = @{
    client_id     = $clientId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $clientSecret
    grant_type    = "client_credentials"
}

# Get OAuth 2.0 Token
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing

# Access Token
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token

# Azure AD User Details (returns the first page of results only)
$apiUrl = 'https://graph.microsoft.com/v1.0/users/'
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $token"} -Uri $apiUrl -Method Get
$users = ($Data | Select-Object Value).Value
$users | Export-Csv "C:\Users\radhakrishnan.g\Desktop\OUT\users1.csv" -NoTypeInformation
```

The user details are exported to the CSV file without any issues, which shows that the registered application has the right permissions.

If you need to connect to any other Office 365 workload without the proper permissions assigned, the request will fail with the error Insufficient Privilege.

In the above screenshot, we tried to connect to Groups without permissions, which is why it failed. We can still assign the permissions to the application so that it can connect to the right workload.

Provide the admin consent required for the other permissions.

Once that is done, you can run the application code again and see the results without any issues.

```powershell
# Azure AD OAuth Application Token for Graph API
# Get OAuth token for an AAD Application (returned as $token)

# Application (client) ID, tenant ID and secret
$clientId     = "Client ID"
$tenantId     = "Tenant ID"
$clientSecret = 'Client Secret'

# Construct URI
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"

# Construct Body
$body = @{
    client_id     = $clientId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $clientSecret
    grant_type    = "client_credentials"
}

# Get OAuth 2.0 Token
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing

# Access Token
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token

# Azure AD Groups, including details of all groups (returns the first page of results only)
$apiUrl = 'https://graph.microsoft.com/v1.0/groups/'
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $token"} -Uri $apiUrl -Method Get
$Groups = ($Data | Select-Object Value).Value
$Groups | Export-Csv "C:\Users\radhakrishnan.g\Desktop\OUT\groups.csv" -NoTypeInformation
```
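When a Graph call fails with Insufficient Privilege as described above, decoding the token's roles claim shows which application permissions the token actually carries. This is an added example, not code from the original article; the permission names (User.Read.All, Group.Read.All, Directory.Read.All), the helper function names and the constructed sample token are assumptions.

```powershell
# Added example: list the application permissions inside an app-only Graph token.
# For troubleshooting only; the token is decoded here, not validated.

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # base64url -> base64: restore the standard alphabet and the stripped padding
    $b64 = $Value.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length' }
    }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function Get-TokenRoles {
    param([Parameter(Mandatory)][string]$AccessToken)
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a three-part JWT' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    # "roles" is absent when no application permission has been consented
    if ($claims.PSObject.Properties.Name -contains 'roles') { @($claims.roles) } else { @() }
}

function Test-TokenHasRole {
    param([Parameter(Mandatory)][string]$AccessToken,
          [Parameter(Mandatory)][string[]]$AnyOf)
    $roles = Get-TokenRoles -AccessToken $AccessToken
    # True if the token carries at least one of the acceptable permissions
    [bool]($AnyOf | Where-Object { $roles -contains $_ })
}

# Constructed sample token (fake values, no real signature) so this runs offline.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$header      = ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'
$payload     = ConvertTo-Base64Url '{"aud":"https://graph.microsoft.com","roles":["User.Read.All"]}'
$sampleToken = "$header.$payload.constructed-signature"

Get-TokenRoles $sampleToken
# Assumed permission names: a /users call versus a /groups call
Test-TokenHasRole $sampleToken -AnyOf 'User.Read.All', 'Directory.Read.All'
Test-TokenHasRole $sampleToken -AnyOf 'Group.Read.All', 'Directory.Read.All'
```

With a real token, pass $token from the script above instead of $sampleToken. A token issued before consent was granted keeps its old roles, so request a new token after changing permissions.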

Likewise, we can use Graph for all the workloads of Microsoft Office 365 services.
Let's look at all the Graph options in detail in the upcoming articles.