A collection of functions enabling easier consumption of Microsoft Graph using just PowerShell (Desktop/Core).

Minimum PowerShell version


Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name MSGraphPSEssentials

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name MSGraphPSEssentials

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More



(c) 2020 Jeremy Bradshaw. All rights reserved.

Package Details



MicrosoftGraph OAuth App-Only Delegated DeviceCode JWT AccessToken RefreshToken


New-MSGraphAccessToken New-MSGraphRequest New-SelfSignedMSGraphApplicationCertificate New-MSGraphPoPToken Add-MSGraphApplicationKeyCredential Remove-MSGraphApplicationKeyCredential ConvertFrom-JWTAccessToken New-RefreshTokenCredential Get-AccessTokenExpiration


Desktop Core


This module has no dependencies.

Release Notes

v0.6.0 (2022-01-12):

-   Updated New-MSGraphRequest to no longer be a recursive function in order to gracefully avoid call depth
   overflow, in the event that there are too many nextLink's (i.e., too may users to return in large orgs).  It is
   still recommended to use the $top OData query option to set a larger page size to reduce the number of
   nextLink's required to fetch all results.  This change just avoids any issues with call depth overflow,
   regardless of proactive/strategic $top usage.

-   Updated New-MSGraphAccessToken so that it includes a new property in the output - 'issued_at'.  This new
   property will be used by Get-AccessTokenExpiration.

-   Updated Get-AccessTokenExpiration so that it does its check using the 'issued_at' and 'expires_in' properties
   from objects output by New-MSGraphAccessToken.  This is being done because during a Microsoft Identity Platform
   webinar, I learned that Microsoft will soon begin encrypting all access tokens and that they should never be
   looked at by programs, including to determine when they'll expire.  With the shimmmed-in 'issue_at' property,
   combined with the already-included expires_in property that comes with the access_token, we can still
   accomplish the same goal.


Version History

Version Downloads Last updated
0.6.0 (current version) 148 1/12/2022
0.5.5 87 9/9/2021
0.5.0 24 8/24/2021
0.4.1 45 5/27/2021
0.4.0 20 5/13/2021
0.3.1 21 4/21/2021
0.3.0 18 4/14/2021
0.2.0 37 1/3/2021
0.1.0 21 12/17/2020
Show more