Connect-MSGraph command unable to execute in Azure Functions powershell core 6

1
votes

I have an azure function with Powershell core 6 environment create,

Wanted to run some of the MS graph powershell modules like "Get-IntuneManagedDevice | Get-MSGraphAllPages" but this requires token which i tried to use "Connect-MSGraph" but when executed got the following error Error: Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.): Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.

can anyone help me in the fix or correct me if I am doing it wrong at any point.

3
azurepowershellazure-functionsmicrosoft-graph-apiazure-powershell

3 Answers

0
votes

Could you you please let's know if you have already created the application, secret key etc. which are needed to be created prior to access Graph API? I have created a blog explaining "How to create mailbox folders in Exchange Online mailboxes using Graph API and PowerShell". At the first portion, I am explaining the procedure to create the application in Azure tenant. Please check that. Hope, it helps you

Create Custom Folder in Exchange Online Mailboxes using Graph API using Windows PowerShell

Thanks, Manu

0
votes

How about the following way:

  1. Downlead the latest release of Intune Power Shell SDK from the following GitHub repository https://github.com/Microsoft/Intune-PowerShell-SDK/releases

  2. Unblock the code

  3. Import the module in PowerShell

    Import-Module .\Microsoft.Graph.Intune.psd1Import-Module .\Microsoft.Graph.Intune.psd1

  4. Connect MS Grpah

    Connect-MSGraph -AdminConsent

  5. Try the In-Tune managed devices connection (Get-IntuneManagedDevice | Get-MSGraphAllPages)

Thanks, Manu

0
votes

For this problem, I don't know how to run Get-IntuneManagedDevice with token in azure powershell function. But I can provide a workaround below for your reference(use rest api to get the same result in azure powershell function which you expected).

1. Open fildder and run the command Get-IntuneManagedDevice in powershell, we can see the command request the microsoft graph api in the backend. The api is https://graph.microsoft.com/v1.0/deviceManagement/managedDevices and this page is its document (you do not need to do this step).

2. We need to add the permission for your app registered in azure ad.

enter image description here After add the permission, don't forget grant admin consent for it.

3. We can find the graph api just support Delegated permission type but not support Application permission type according to the document. enter image description here So we can't use client credential as grant type to get the access token(we can't just use secret key to get access token) as you mentioned in the comments above. We need to request the access token by password grant type, so use the command below to get access token:

$AppId = 'xxx'
$AppSecret = 'xxx'
$Scope = "https://graph.microsoft.com/.default"
$TenantName = "xxx"
$username = "xxx"
$password = "xxx"
$Url = "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token"
Add-Type -AssemblyName System.Web
$Body = @{
    client_id = $AppId
    client_secret = $AppSecret
    scope = $Scope
    username = $username
    password = $password
    grant_type = 'password'
}
$PostSplat = @{
    ContentType = 'application/x-www-form-urlencoded'
    Method = 'POST'
    Body = $Body
    Uri = $Url
}
$Request = Invoke-RestMethod @PostSplat
$Request.access_token

4. In step 1 we know the command Get-IntuneManagedDevice request the graph api in the backend, so we just need to request the graph api and then we can get the result.

$Uri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"
$Header = @{
    Authorization = "$($Request.token_type) $($Request.access_token)"
}
$result = Invoke-RestMethod -Uri $Uri -Headers $Header -Method Get -ContentType "application/json"
$result.value

Hope it helps~