How To Install the Microsoft Graph PowerShell Module

  • Post author:
  • Post category:Main
  • Post last modified:March 20, 2024
  • Reading time:8 mins read

The Microsoft Graph PowerShell module is the preferred method for managing your Microsoft cloud services, such as Intune and Entra, through the command line. It provides a powerful, versatile, feature-reach experience while allowing you granular control over your permissions.

In this article, I show you how to install the Microsoft Graph PowerShell module in a few simple steps.


To successfully install the Microsoft Graph PowerShell module, you must first ensure you meet the following pre-requisites:

  • You must have PowerShell 5.1 or later installed
  • You must have .NET Framework 4.7.2 or later installed
  • The latest version of PowerShellGet must be installed.

PowerShell script execution should also be set to remote signed or less restrictive. 

Check and upgrade your PowerShell version

To check which version of PowerShell you have installed, open PowerShell on your workstation and type the following command: $PSVersionTable.PSVersion

PowerShell Version
PowerShell Version

You can see from the screenshot, I am running version 5.1. As PowerShell 7 or later is recommended, I am going to update to the latest version. You will need to be a local administrator on your workstation to complete this step.

Run the following command to download and install the latest version of PowerShell 7 from the official GitHub repository.

iex “& { $(irm } -UseMSI”

When the installation wizard launches, click Next.

PowerShell 7 Install Wizard, click Next
PowerShell 7 Install Wizard, click Next

Choose the installation folder (I recommend leaving the default) and click Next.

PowerShell 7 Install Wizard, click Next
PowerShell 7 Install Wizard, click Next

Leave the Optional Actions page as default and click Next.

PowerShell 7 Install Wizard, optional actions

I recommend you leave the update options as default and then click Next.

PowerShell 7 Install Wizard, update options

Lastly, click Install.

PowerShell 7 Install Wizard, click install
PowerShell 7 Install Wizard, click install

Once the installation completes, close your existing PowerShell window and search for PowerShell 7 in your start menu.

Search for PowerShell 7
Search for PowerShell 7

Open PowerShell 7 to confirm the installation was successful.

Install Microsoft Graph PowerShell

The Install-Module cmdlet should be used to install the Microsoft Graph PowerShell module for either all users on your system or only the currently logged-in user.

Use the below examples to install the latest generally available (stable) version of the Microsoft Graph PowerShell module from the PowerShell Gallery.

To install the module for the current user scope:

Install-Module Microsoft.Graph -Scope CurrentUser

Or to install for all users on your system: (you will need local admin rights on your system):

Install-Module Microsoft.Graph -Scope AllUsers

The above commands can both be run in PowerShell 5.1 or PowerShell 7; however, installing one will not install it for the other.

You can also use the -allowprelease parameter to install preview versions of the module. This is useful if the preview version contains functions and commands that are not in the latest stable version.

The this following command to install the latest pre-release version of the module:

Install-Module Microsoft.Graph -Scope AllUsers -allowprerelease

You can confirm which version has been installed with the following command:

Get-InstalledModule | Where-Object {$_.Name -match "microsoft.graph"}

Your results should look like the following:

View installed version of Microsoft Graph
View installed version of Microsoft Graph

Connect to Microsoft Graph with PowerShell

Now you have installed the required module you can use the Connect-MgGraph cmdlet to connect to your environment from within PowerShell.

However, when connecting to Microsoft Graph with just Connect-MgGraph and no additional parameters, we will only have access to our own user account in the PowerShell session. As such, you must supply the needed permission scopes when connecting to your environment. For Example:

If you want ‘read’ and ‘write’ access to all user accounts in your tenant:

Connect-MgGraph -Scopes "User.Read.All","User.ReadWrite.All"

Or if you want ‘read’ and ‘write’ access to groups:

Connect-MgGraph -Scopes "Group.ReadWrite.All"

For a full breakdown of all the available permissions you can specify when connecting to Microsoft Graph, check out the permissions reference sheet from Microsoft:

How to convert existing PowerShell scripts to Microsoft Graph

There is no automatic method to convert your existing PowerShell scripts to the Microsoft Graph PowerShell format. In most cases, the commands have been renamed, and the responses may be returned in a different format.

For example, if you were working with the AzureAD PowerShell module and you ran Get-AzureADApplication to get a list of all applications in Microsoft Entra using Microsoft Graph PowerShell, you would run Get-MgApplication. This rule can be applied to most cmdlets. 

Microsoft has a page dedicated to mapping the existing cmdlets to Microsoft Graph here: cmdlet map.

Why use Microsoft Graph over the existing AzureAD and MSOnline PowerShell modules?

The existing Azure AD and MSOnline modules are planned for depreciation and although there is no concrete time for this to happen, it is likely to be sometime mid 2023. This means a couple of things…

Firstly you must skill up on Microsoft Graph. Although the core concepts are the same, there are many different commands that you may not be familiar with. 

Secondly, any existing scripts you run will need to be converted to Microsoft Graph.

How to fix The term 'connect-mggraph' is not recognized

In some cases, you may be trying to connect to Microsoft Graph through PowerShell and get the following error when trying to run the connect cmdlet:

connect-mggraph : The term ‘connect-mggraph’ is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. 

If you do receive this error, it is likely that you either do not have Microsoft Graph installed or you are using the wrong version of PowerShell on your system. It could also be that you only installed it previously for the current user context and now you are logging in as a different account. Check the next section to learn how to resolve.

Daniel Bradley

My name is Daniel Bradley and I work with Microsoft 365 and Azure as an Engineer and Consultant. I enjoy writing technical content for you and engaging with the community. All opinions are my own.

This Post Has 8 Comments

  1. Stephane

    Hi Daniel, Thank you so much for your documentation. I added this command for install Microsoft Module.

    Install-Module Microsoft.Graph.Beta

  2. Stephane

    Do you have a script to block all users who have been inactive for 365 days using the csv file extracted from the previous script ?

    1. Daniel Bradley

      Yes I have a script for that, I’ll look at turning it into a blog post 🙂

  3. Brad

    i am not seeing all my 365 users when i run get-mguser command
    any ideas?

    1. Daniel Bradley

      Hey Brad, you should add -All to the end of your command to see all users.

  4. Stephane

    How to connect to Microsoft Graph with app permissions?
    Every time I do the Connect-MgGraph command, it connects via the delegated permissions of the Micrososft Graph Command Tools application, I instead want it to connect with my application registered in Entra.

    Connect-MgGraph -Scopes “User.Read.All”, “User.Read.Write.All”

    1. Daniel

      Hi Stephane! You have a couple of options:

      $Cert = Get-ChildItem Cert:\LocalMachine\My\$CertThumbprint
      Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -Certificate $Cert

      $ClientSecretCredential = Get-Credential -Credential "Client_Id"
      # Enter client_secret in the password prompt.
      Connect-MgGraph -TenantId "Tenant_Id" -ClientSecretCredential $ClientSecretCredential

Leave a Reply