Skip to content


Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


EasyGraph is a cross-platform PowerShell module that simplifies working with Microsoft Graph from PowerShell. The module manages authentication, paging and throttling without having to fiddle with JSON requests and responses. The EasyGraph module is designed for use in unattended scripts, and supports Azure Automation.

Supported authentication methods:

  • Certificate based authentication with thumbprint (Windows only)
  • Certificate based authentication with Pfx file
  • Username and password (Windows only)
  • Client credentials
  • Device Code

Get Started

Install the module

The EasyGraph module is installed from PowerShell Gallery.

Install-Module -Name EasyGraph

Register your App

To use the module you first have to register your app in Azure AD and delegate permissions and consents for the type of requests your script will use.

For Certificate and Client Secret authentication your App need Application permissions, and for User and Device Code authentication your App need Delegated permissions.

Delegated authentication also requires that your App has a Redirect URI specified (for example, and Device Code authentication requires that your Default client type is set to Public Client.

You can find more information about App Registrations in the Microsoft documentation.

Create a certificate

If you plan to use Certificate Authentication you can create a certificate with just a few lines of PowerShell code

$Params = @{
    NotBefore         = Get-Date
    NotAfter          = (Get-Date).AddYears(2)   #Create a certificate with two years validity
    DnsName           = $env:computername
    CertStoreLocation = 'Cert:\LocalMachine\My'
    Provider          = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
$Certificate = New-SelfSignedCertificate @Params

After the certificate is created you must export the public key and upload it to your App.



# With regular login prompt 
Connect-EasyGraph -AppId $AppId
# Specify user for Single sign-on (when applicable)
Connect-EasyGraph -AppId $AppId -UserPrincipalName ''
# Connect with Device Code
Connect-EasyGraph -AppId $AppId -TenantId $TenantId -DeviceCode
# Connect with a certificate in the Windows Certificate Store
Connect-EasyGraph -AppId $AppId -TenantId $TenantId -CertificateThumbprint $Certificate.Thumbprint
# Connect with Azure Automation RunAs Account
$AzureRunAsConnection = Get-AutomationConnection -Name 'AzureRunAsConnection'
Connect-EasyGraph @AzureRunAsConnection

API Requests

# Get all users:
Invoke-EasyGraphRequest -Resource '/users'
# Get users from the 'beta' endpoint:
Invoke-EasyGraphRequest -Resource '/users' -APIVersion beta
# Get all users with automatic paging:
Invoke-EasyGraphRequest -Resource '/users' -All
# Get the 'Sales' group using filter parameter:
$group = Invoke-EasyGraphRequest -Resource '/groups?$filter=displayName eq ''Sales'''
# Get members of the 'Sales' group:
Invoke-EasyGraphRequest -Resource "/groups/$($"
# Create a user:
$body = @{
    accountEnabled = $true
    displayName = 'displayName-value'
    mailNickname = 'mailNickname-value'
    userPrincipalName = ''
    passwordProfile = @{
        forceChangePasswordNextSignIn = $true
        password = 'password-value'
Invoke-EasyGraphRequest -Resource '/users' -Method Post -Body $body
# Update profile photo:
Invoke-EasyGraphRequest -Resource '/me/photo/$value' -Method Patch -InFile .\photo.jpg -ContentType 'image/jpeg'
# Upload file to OneDrive:
Invoke-EasyGraphRequest -Resource '/me/drive/root:/workbook.xlsx:/content' -Method Put -InFile .\workbook.xlsx -ContentType 'application/octet-stream'
# Download file from OneDrive:
Invoke-EasyGraphRequest -Resource '/me/drive/root:/workbook.xlsx:/content' -OutFile .\workbook.xlsx

Disconnect session


Issues, Requests, Bugs

Please submit via the Issues link.


The change log is maintained in the Releases section of GitHub.


This PowerShell module simplifies access to Microsoft Graph REST API resources and handles authentication, paging and throttling to the APIs.