MS Graph API Part 3: Connect to MS Graph API via certificate


In this vlog series I will show you how you can use the Microsoft Graph API  ("Graph API") to manage Azure Active Directory. 

In this third episode I will demonstrate how-to setup a connection to the Graph API with a certificate (in stead of a secret) , and retrieve all the users account from the Azure AD tenant.

The  AzureAD_GraphTokenviaCertificate script  used in the video. Please modify the red parameters to your own values.

# Example file from
# Setup Microsoft 365 environment
# Microsoft graph api documentation:
# Create Self Signed Certificate Script:,and%20create%20a%20new%20certificate.&text=This%20will%20create%20a%20new,to%20protect%20the%20private%20key.

# Minimum Required API permission for execution to list users
# User.Read.All

# Required Powershell Module
# Install-Module MSAL.PS 

# Connection information for Graph API connection - Certificate Based
$clientID = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx" #  App Id MS Graph API Connector SPN
$TenantName = "<<tenantname>>" # Example
$TenantID = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx" # Tenant ID 
$CertificatePath = "Cert:\LocalMachine\my\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Add the Certificate Path Including Thumbprint here e.g. cert:\currentuser\my\6C1EE1A11F57F2495B57A567211220E0ADD72DC1 >#
##Import Certificate
$Certificate = Get-Item $certificatePath
##Request Token
$TokenResponse = Get-MsalToken -ClientId $ClientId -TenantId $TenantId -ClientCertificate $Certificate
$TokenAccess = $TokenResponse.accesstoken

# Get all Azure AD Users via Microsoft Graph API
$GetUsersUrl = ""
$Data = Invoke-RestMethod -Uri $GetUsersUrl -Headers @{Authorization = "Bearer $($TokenAccess)" }  -Method Get 
$Result = ($Data | select-object Value).Value
$Users = $Result | select DisplayName,UserPrincipalName,Id


Have your own Azure AD test environment for free:

Download Visual Studio Code:

Download the CreationSelfSignedCertificate script:

The original CreationSelfSignedCertificate script can be found here

Download the AzureAD_GraphTokenviaCertificate script via Github: