In this post I want to discuss Microsoft Graph, in my personal experience I haven’t seen many people use Graph for aspects such as reporting.
I believe the main reason for this is that using it within an application or with most languages, it can be quite a chore.
The reason for this is the requirement to set up an Application with Azure AD, and deal with secretes etc. If you are new to scripting or programming it can quite daunting.
Enter the PowerShell SDK
The PowerShell SDK provides all the power of the Graph API, but with the convenience of PowerShell. The one major advantage over all other options is that you do not need to manually set up the application within Azure AD.
That said it does require a bit of set up, and knowledge on where to find the commands.
Most of the installation information can be found here:
https://docs.microsoft.com/en-us/powershell/microsoftgraph/installation?view=graph-powershell-1.0
The main steps are:
- Allow PowerShell to install the sdk/ module
- Install the sdk
- Log into Graph
- Start making commands
First allow PowerShell to install the Module
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUserNext install the SDK
Install-Module Microsoft.Graph -Scope CurrentUserNext we need to log into the Graph, and in doing this we have to set the scope of the commands that we want to use.
Knowing what scope again takes a bit of practice, but the documentation does show you how to discover the scopes you need to include to be able to run a command.
The easiest I’ve found is to do a simple Get-Help on the command with the -Detailed flag.
Get-Help Get-Mguser -DetailedThe examples tend to show you what scopes you need. The other option is:
Find-MgGraphCommand -Command 'Get-MgUser'
As you can see the Permissions are shown on the right. However, not all of them are needed, for my use the “User.Read.All”, tends to be enough to get user details.
Authorisation
When you first log into Graph it will prompt you to log in and provide admin authorisation, this is required to provide PowerShell the scopes that you have provided. It does not provide the application with administration rights.
This is similar to installing something on your computer, you need to be admin to install, but not operate the app.
Getting Reports
The main reason for me to use Graph is to get all the reports from M365, which is really easy once you know where to look.
https://learn.microsoft.com/en-us/graph/api/resources/report?view=graph-rest-1.0
There are reports for all aspects of M365, ranging from Mail through OneDrive and SharePoint. Some of the most useful ones I’ve found are:
- Get-MgReportMailboxUsageStorage
- Get-MgReportMailboxUsageDetail
- Get-MgReportOneDriveUsageStorage
- Get-MgReportSharePointSiteUsageStorage
- Get-MgReportSharePointSiteUsageSiteCount
- Get-MgReportSharePointSiteUsageDetail
But there are dozens of other commands available, and it are well worth exploring!
One thing that I found that with some of the reports that data is obfuscated, and MS does this purposely. If you want to be able to see full details such as “user principal name” on some reports you need to go into the MS365 portal and do the following:
Settings > Org Settings > Reports > uncheck “Display concealed user, group and site names in all reports”.
Once you have done that you’ll be able to see full details in the reports.
Keep Coding 🦀