I'm really struggling to get my script working after switching from AzureAD to MgGraph. I had a process that used a CSV of users to grab their devices and organize them into groups in Intune. After the transition, when I try to connect to MgGraph and call Get-MgGroup to get a group ID by name, I keep hitting an error saying "one or more errors occurred." At first, I thought I might have the wrong syntax, but after checking it, it seems correct. I also tried granting specific permissions I found, but I'm still getting the same error.
What's frustrating is that my admin ran the exact same script on the same CSV, and it worked perfectly. This makes me think it could be a permissions issue on my end. I've looked into the enterprise application permissions in Azure and confirmed both admin and user consent are set up correctly. I've tried several troubleshooting steps including uninstalling and reinstalling the Graph module, disconnecting sessions, and testing in various PowerShell environments. I'm at a loss and really appreciate any insights or ideas you might have, especially if there's a way to get more specific error messages than just "one or more errors occurred."
4 Answers
Just to clarify, if you're running your script and it's not working in ISE but it does in the terminal, it could be related to how the script is being executed. The context might change depending on the environment you're in. Make sure you're consistent with loading the required modules.
It sounds like a common issue where permissions are misconfigured. Make sure you’re connecting to MgGraph with the right scopes. If the required permissions aren't granted or if you’re missing any specific properties, that could cause errors.
Have you looked into using PIM (Privileged Identity Management)? If you need to activate the correct roles beforehand, that could be the missing link for your permissions. Also, sharing your code could help others understand what might be going wrong.
I haven’t used PIM yet, but I’ll check it out. And yeah, I guess I should post my code too.
Just an FYI, Get-MgGroup actually needs the Group.Read.All permission to function properly. If this permission isn't granted or included in your scopes, that could lead to the errors you're seeing.
Got it! I'll double-check the scopes when I connect. Thanks for the tip!