Get Started Document should explain Authentication Scopes with examples
In the Get Started documentation, it states:
'To use the Microsoft Entra PowerShell, you need to authenticate to access Entra resources. Sign in with an admin account of their tenant, if prompted.'
Connect-MgGraph -Scopes 'User.Read.All'
However, this will only grant permissions when using specific commands such as Get-EntraUser and will not work for out-of-scope commands such as Get-EntraGroup or New-EntraUser. Permissions errors will be thrown.
Therefore, it should explain the differences in scope such as 'User.Read.All', 'User.ReadWrite.All', 'Group.Read.All' and 'Group.ReadWrite.All', as many will just run the command above and then hit permissions issues. Many are inexperienced in using Graph and would not know what scopes are. Referral to the Microsoft Graph SDK documentation is good, but I would distinguish this point in the actual document.
Hi @ChrisHoardMVP
Thanks for your feedback, we are looking into this. Also, we will be adding a permission reference and help in the cmdlets' Get-Help and the official documentation of the Entra PowerShell cmdlets.
Thank you! 🔥
Each cmdlet's examples have the required scopes.
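
The scope mismatch raised in this issue, as an added example that is not part of the thread or of the Entra PowerShell documentation: it checks which planned cmdlets a set of granted scopes covers, then connects with only the scopes those cmdlets need. The cmdlet-to-scope map and the `Test-ScopeCoverage` helper are assumptions made for illustration; confirm each scope against the cmdlet's own help.

```powershell
# Assumption: illustrative map built from the scopes named in the issue.
$requiredScope = @{
    'Get-EntraUser'  = 'User.Read.All'
    'Get-EntraGroup' = 'Group.Read.All'
    'New-EntraUser'  = 'User.ReadWrite.All'
}

function Test-ScopeCoverage {   # hypothetical helper, not a module cmdlet
    param(
        [Parameter(Mandatory)] [string[]] $Cmdlet,
        [string[]] $GrantedScope = @()
    )
    foreach ($name in $Cmdlet) {
        $needed = $requiredScope[$name]
        if (-not $needed) {
            # Unknown cmdlet: report it instead of guessing a scope.
            [pscustomobject]@{ Cmdlet = $name; Needs = '(not in map)'; Covered = $false }
            continue
        }
        # A *.ReadWrite.All grant also satisfies the matching *.Read.All need.
        $writeForm = $needed -replace '\.Read\.All$', '.ReadWrite.All'
        $covered = ($GrantedScope -contains $needed) -or ($GrantedScope -contains $writeForm)
        [pscustomobject]@{ Cmdlet = $name; Needs = $needed; Covered = $covered }
    }
}

# Offline check of the Get Started command: only 'User.Read.All' was requested,
# so only Get-EntraUser is covered; the other two would fail with permission errors.
Test-ScopeCoverage -Cmdlet 'Get-EntraUser', 'Get-EntraGroup', 'New-EntraUser' `
                   -GrantedScope 'User.Read.All' | Format-Table

# Least privilege: request exactly the scopes the planned cmdlets need.
$planned = 'Get-EntraUser', 'Get-EntraGroup'
$scopes  = $planned | ForEach-Object { $requiredScope[$_] } | Sort-Object -Unique
Connect-MgGraph -Scopes $scopes

# Verify against what the session was actually granted, not what was requested.
Test-ScopeCoverage -Cmdlet $planned -GrantedScope (Get-MgContext).Scopes | Format-Table
```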