In the previous article, we registered the application and selected the permissions that require administrator consent.
To grant admin consent, click on "Grant admin consent for undefined".
Log in as a Global Administrator to provide the admin consent.
Click on Accept, which grants the application the consented permissions on behalf of all users in the tenant.
Now you can see that admin consent has been granted for the domain Windowstechpro.com.
With admin consent granted for the registered application, it is time to create a client secret to connect to the Graph API.
Enter a Description and select the Expiration for the client secret.
Click on Add.
The client secret has now been generated; copy the secret value (it is displayed only once, immediately after creation).
We have completed all the required actions and now have the Client ID, Tenant ID and Client Secret needed to connect to Graph from code.
Let's now connect to the tenant to retrieve the user information.
# Azure AD OAuth Application Token for Graph API
# Get an OAuth token for an AAD application (returned as $token)
# Application (client) ID, tenant ID and secret
$clientId = "Client ID"
$tenantId = "Tenant ID"
$clientSecret = 'Client Secret'
# Construct the token endpoint URI
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
# Construct the request body (client credentials grant)
$body = @{
    client_id     = $clientId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $clientSecret
    grant_type    = "client_credentials"
}
# Get the OAuth 2.0 token
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing
# Access token
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token
# Azure AD user details
$apiUrl = 'https://graph.microsoft.com/v1.0/users/'
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $token"} -Uri $apiUrl -Method Get
$users = ($Data | Select-Object Value).Value
$users | Export-Csv "C:\Users\radhakrishnan.g\Desktop\OUT\users1.csv" -NoTypeInformation
We can see that the user details are exported to the CSV file without any issues, which shows that the registered application has the right permissions.
If you try to connect to any other Office 365 workload without the proper permissions assigned, the call fails with the error Insufficient privileges.
In the screenshot above, we tried to connect to Groups without the required permission, which is why it failed. We can still assign additional permissions to the application so that it can connect to the right workload.
Provide the admin consent required for the newly added permissions.
Once that is done, you can run the application code again and see the results without any issues.
# Azure AD OAuth Application Token for Graph API
# Get an OAuth token for an AAD application (returned as $token)
# Application (client) ID, tenant ID and secret
$clientId = "Client ID"
$tenantId = "Tenant ID"
$clientSecret = 'Client Secret'
# Construct the token endpoint URI
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
# Construct the request body (client credentials grant)
$body = @{
    client_id     = $clientId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $clientSecret
    grant_type    = "client_credentials"
}
# Get the OAuth 2.0 token
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing
# Access token
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token
# Azure AD groups, including details of all groups
$apiUrl = 'https://graph.microsoft.com/v1.0/groups/'
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $token"} -Uri $apiUrl -Method Get
$Groups = ($Data | Select-Object Value).Value
$Groups | Export-Csv "C:\Users\radhakrishnan.g\Desktop\OUT\groups.csv" -NoTypeInformation
Likewise, we can use Graph for all the workloads of the Microsoft Office 365 services.
We will look at all the Graph options in detail in the upcoming articles.
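One caveat with the exports above: Graph returns collections a page at a time (by default 100 users or groups), so `$Data.value` holds only the first page. The added example below, which is not part of the original article, is a helper that follows `@odata.nextLink` until the collection is exhausted and reports the Insufficient privileges (HTTP 403) case from the Groups attempt above as a clear permission/consent problem; it assumes `$token` was obtained with the client-credentials request shown earlier, and the output paths are placeholders.

```powershell
# Added example, not the article's own code. Assumes $token from the
# client-credentials request above. Pages through a Graph collection and
# surfaces a 403 as a missing Application permission / admin consent.
function Get-GraphCollection {
    param(
        [Parameter(Mandatory)] [string] $AccessToken,
        [Parameter(Mandatory)] [string] $Uri   # e.g. https://graph.microsoft.com/v1.0/users
    )
    $headers = @{ Authorization = "Bearer $AccessToken" }
    $items   = New-Object System.Collections.Generic.List[object]
    $next    = $Uri
    while ($next) {
        try {
            $page = Invoke-RestMethod -Headers $headers -Uri $next -Method Get -ErrorAction Stop
        }
        catch {
            $status = $_.Exception.Response.StatusCode.value__
            if ($status -eq 403) {
                throw "Graph returned 403 (Insufficient privileges) for $next. " +
                      "Add the required Application permission for this workload " +
                      "(for example Group.Read.All for /groups) and grant admin consent."
            }
            throw   # any other failure (401 expired token, 429 throttling, ...) is re-raised as-is
        }
        foreach ($v in $page.value) { $items.Add($v) }
        # @odata.nextLink is absent on the last page, which ends the loop
        $next = $page.'@odata.nextLink'
    }
    return $items
}

# Usage: export every user and every group, not just the first page.
# $top=999 asks for the largest page Graph allows, reducing round trips.
$users  = Get-GraphCollection -AccessToken $token -Uri 'https://graph.microsoft.com/v1.0/users?$top=999'
$groups = Get-GraphCollection -AccessToken $token -Uri 'https://graph.microsoft.com/v1.0/groups?$top=999'
$users  | Select-Object id, userPrincipalName, displayName, accountEnabled |
    Export-Csv "$env:USERPROFILE\Desktop\OUT\users.csv"  -NoTypeInformation   # placeholder path
$groups | Select-Object id, displayName, mailEnabled, securityEnabled |
    Export-Csv "$env:USERPROFILE\Desktop\OUT\groups.csv" -NoTypeInformation   # placeholder path
```

Selecting explicit columns also keeps nested objects out of the CSV, which `Export-Csv` would otherwise flatten to type names.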