I've been having a tough time trying to use the Microsoft.Graph module to access our tenant information through an application that has Users.Read.All permissions set both as delegate and application. Despite repeatedly following the same steps that suggestions from ChatGPT and GitHub Copilot provided, I'm still hitting roadblocks.
I have the required parameters like $tenantID, $applicationID, and $secret, but each attempt to connect to M365 using the Connect-MgGraph cmdlet results in an error. The specific error I'm receiving is: "Connect-MgGraph: Cannot bind parameter 'ClientSecretCredential'. Cannot convert the value of type 'System.Security.SecureString' to type 'System.Management.Automation.PSCredential'."
I've reinstalled the Microsoft.Graph modules multiple times and even cleared all related directories on my system. I made sure to try connecting both using the $secret as a secure-string and in plaintext, but nothing seems to work.
Interestingly, I can connect to the tenant using this code snippet:
$ClientSecretCredential = Get-Credential -Username "Client_Id"
Connect-MgGraph -TenantId "Tenant_Id" -ClientSecretCredential $ClientSecretCredential
The catch here is I want to avoid using this method that requires input every time, as I need automatic connectivity. Has anyone run into similar issues, or have suggestions on what to do?
1 Answer
You might want to try this approach:
$tenantId = "IDHERE"
$clientId = "IDHERE"
$clientSecret = ConvertTo-SecureString "CLIENTSECRETHERE" -AsPlainText -Force
# -ClientSecretCredential expects a PSCredential: user name = client ID, password = client secret
$credential = New-Object System.Management.Automation.PSCredential($clientId, $clientSecret)
Connect-MgGraph -NoWelcome -ClientSecretCredential $credential -TenantId $tenantId
Using a certificate for automation is really the best practice here as leaving passwords in your scripts can be risky!
Yeah, if you're looking for automation, consider something like an Azure Runbook with a managed identity. You won't have to manage credentials at all!
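The certificate and managed-identity suggestions above, sketched as one unattended sign-in helper. This is an added example, not code from anyone in the thread. The function name, the GRAPH_* environment variable names and the Cert:\CurrentUser\My store location are assumptions for illustration.

```powershell
# Added example: connect to Microsoft Graph without a prompt and without a
# secret written into the script. Names below are hypothetical.
function Connect-GraphUnattended {
    [CmdletBinding()]
    param(
        [string]$TenantId   = $env:GRAPH_TENANT_ID,        # assumed variable name
        [string]$ClientId   = $env:GRAPH_CLIENT_ID,        # assumed variable name
        [string]$Thumbprint = $env:GRAPH_CERT_THUMBPRINT,  # assumed variable name
        [switch]$ManagedIdentity
    )

    if ($ManagedIdentity) {
        # Azure Automation runbook or other host with a managed identity:
        # there is no credential to store or rotate.
        Connect-MgGraph -Identity -NoWelcome
        return Get-MgContext
    }

    if (-not $TenantId -or -not $ClientId) {
        throw 'TenantId and ClientId are required for app-only sign-in.'
    }

    if ($Thumbprint) {
        # Preferred: certificate whose public key is uploaded to the app registration.
        $cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction Stop
        if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key." }
        if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $Thumbprint expired on $($cert.NotAfter)." }
        Connect-MgGraph -TenantId $TenantId -ClientId $ClientId -Certificate $cert -NoWelcome
        return Get-MgContext
    }

    # Fallback: client secret supplied by the environment (for example a
    # pipeline secret), wrapped in the PSCredential the parameter expects.
    $secretText = $env:GRAPH_CLIENT_SECRET                 # assumed variable name
    if (-not $secretText) {
        throw 'No certificate thumbprint or client secret was provided.'
    }
    $secure     = ConvertTo-SecureString $secretText -AsPlainText -Force
    $credential = [System.Management.Automation.PSCredential]::new($ClientId, $secure)
    Connect-MgGraph -TenantId $TenantId -ClientSecretCredential $credential -NoWelcome
    return Get-MgContext
}
```

The returned context's AuthType and Scopes properties show which sign-in path was taken and which permissions the session actually carries.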