Connect to Microsoft Graph with PowerShell using a certificate and an Azure service principal.

Microsoft Graph is the new black. It may not be new for you, but nevertheless it’s important to know that Microsoft is putting a lot of effort into to the Microsoft Graph PowerShell module, and by doing so, The Azure AD PowerShell module and the PowerShell module Microsoft Online (MSOL) is soon to be retried by Microsoft and to be completely replaced with Microsoft Graph instead. You can read more about that here: https://azure.microsoft.com/en-us/updates/update-your-apps-to-use-microsoft-graph-before-30-june-2022/

Like any other PowerShell Module from Microsoft, you need to authenticate to the service using some form of credential type (username/password + MFA fx.), and the Microsoft Graph is no exception (surprise!) In this post we won’t be focused on the username/password authentication, but instead we will be using a certificate. The reason for this, is the purpose of using an authentication method to be used in automation scripts that can be run unattended in scheduled task or an Azure Automation account in a secure way. (We don’t want to have username/password in plain text in the code and the MFA prompt might be an issue).
But to use a certificate as our authentication method we need to have an Azure service principal.

It’s the service principal that will ‘perform’ our actions in PowerShell using the Microsoft Graph. This blog will cover how to create both the certificate and the service principal and demonstrate how to connect to Microsoft Graph.

Read more