Microsoft Graph PowerShell

Query Microsoft 365 with the Graph API

Prerequisites

Install the module: Install-Module Microsoft.Graph -Scope CurrentUser

Basic User Query

PowerShell

# Connect with required scopes
Connect-MgGraph -Scopes "User.Read.All"

# Query a specific user
$upn = Read-Host 'Enter user email (user@domain.com)'
$user = Get-MgUser -UserId $upn

# Display all properties
$user | Select-Object *

Exploring Complex Objects

PowerShell

# Some properties are complex objects that need separate exploration
# For example, to explore OnPremisesExtensionAttributes:
$user.OnPremisesExtensionAttributes | Format-List *

# View license details
$user.AssignedLicenses | Format-List *

# View sign-in activity (requires AuditLog.Read.All scope)
$user.SignInActivity | Format-List *

Available Properties

Microsoft Graph exposes a large set of user properties. Here are the most commonly used:

Identity

Id
DisplayName
UserPrincipalName
Mail
MailNickname

Work Info

JobTitle
Department
CompanyName
OfficeLocation
EmployeeId

Contact

BusinessPhones
MobilePhone
StreetAddress
City
State

Account

AccountEnabled
CreatedDateTime
UserType
ExternalUserState

Licensing

AssignedLicenses
AssignedPlans
LicenseDetails
ProvisionedPlans

Hybrid AD

OnPremisesSyncEnabled
OnPremisesLastSyncDateTime
OnPremisesSamAccountName
OnPremisesExtensionAttributes

Common Permission Scopes

Scope	Purpose
`User.Read.All`	Read all user profiles
`User.ReadWrite.All`	Read and write all user profiles
`Directory.Read.All`	Read directory data (groups, etc.)
`AuditLog.Read.All`	Read sign-in activity and audit logs
`Mail.Read`	Read user mail

Disconnecting

PowerShell

# Check current connection
Get-MgContext

# Disconnect when done
Disconnect-MgGraph

Why Microsoft Graph?

Microsoft Graph is the unified API for Microsoft 365 services. It replaces multiple older modules (AzureAD, MSOnline, Exchange Online V1) with a single, consistent interface. New features are only being added to Graph.