Connect-Entra

Connect-Entra
[[-Scopes]
    [[-Scopes] <String[]>]
    [[-ClientId] <String>]
    [-TenantId <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-UseDeviceCode]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

Connect-Entra
[-ClientId]
    [-ClientId] <String>
    [[-CertificateSubjectName] <String>]
    [[-CertificateThumbprint] <String>]
    [-SendCertificateChain <Boolean>]
    [-Certificate <X509Certificate2>]
    [-TenantId <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

Connect-Entra
[[-ClientId]
    [[-ClientId] <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-Identity]
    [-NoWelcome]
    [<CommonParameters>]

Connect-Entra
[-ClientSecretCredential
    [-ClientSecretCredential <PSCredential>]
    [-TenantId <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

Connect-Entra
[-AccessToken]
    [-AccessToken] <SecureString>
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

Connect-Entra
[-ContextScope
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-EnvironmentVariable]
    [-NoWelcome]
    [<CommonParameters>]

The Connect-Entra cmdlet connects to Microsoft Entra ID with an authenticated account.

Several authentication scenarios are supported based on your use case, such as delegated (interactive) and app-only (non-interactive).

Connect-Entra is an alias for Connect-MgGraph.

Connect-Entra

This example shows how to connect your current PowerShell session to a Microsoft Entra ID tenant using credentials.

Connect-Entra -Scopes 'User.Read.All', 'Group.ReadWrite.All'

Welcome to Microsoft Graph!

This example shows how to authenticate to Microsoft Entra ID with scopes.

$secureString = ConvertTo-SecureString -String $AccessToken -AsPlainText -Force
Connect-Entra -AccessToken $secureString

Welcome to Microsoft Graph!

This example shows how to interactively authenticate to Microsoft Entra ID using an access token.

For more information on how to get or create access token, see Request an access token.

Connect-Entra -UseDeviceCode

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code A1B2CDEFGH to authenticate.

This example shows how to interactively authenticate to Microsoft Entra ID using device code flow.

For more information, see Device Code flow.

$connectParams = @{
    TenantId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee'
    ApplicationId = '00001111-aaaa-2222-bbbb-3333cccc4444'
    CertificateThumbprint = 'AA11BB22CC33DD44EE55FF66AA77BB88CC99DD00'
}

Connect-Entra @connectParams

Welcome to Microsoft Graph!

This example shows how to authenticate using an ApplicationId and CertificateThumbprint.

For more information on how to get or create CertificateThumbprint, see Authenticate with app-only access.

$params = @{
    ClientId = '00001111-aaaa-2222-bbbb-3333cccc4444'
    TenantId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee'
    CertificateName = 'YOUR_CERT_SUBJECT'
}

Connect-Entra @params

 $Cert = Get-ChildItem Cert:\LocalMachine\My\$CertThumbprint
 Connect-Entra -ClientId '<App-Id>' -TenantId '<Tenant-Id>' -Certificate $Cert

You can find the certificate subject by running the above command.

$Cert = Get-ChildItem Cert:\LocalMachine\My\$CertThumbprint
$params = @{
    ClientId = '00001111-aaaa-2222-bbbb-3333cccc4444'
    TenantId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee'
    Certificate = $Cert
}

Connect-Entra @params

$ClientSecretCredential = Get-Credential -Credential '00001111-aaaa-2222-bbbb-3333cccc4444'
# Enter client_secret in the password prompt.
Connect-Entra -TenantId 'aaaabbbb-0000-cccc-1111-dddd2222eeee' -ClientSecretCredential $ClientSecretCredential

This authentication method is ideal for background interactions.

For more information on how to get credential, see Get-Credential command.

Connect-Entra -Identity

Uses an automatically managed identity on a service instance. The identity is tied to the lifecycle of a service instance.

Connect-Entra -Identity -ClientId 'User_Assigned_Managed_identity_Client_Id'

Uses a user created managed identity as a standalone Azure resource.

Connect-Entra -ContextScope 'Process'

Welcome to Microsoft Graph!

To connect as a different identity other than CurrentUser, specify the ContextScope parameter with the value Process.

For more information on how to get the current context, see Get-EntraContext command.

Get-EntraEnvironment

Name     AzureADEndpoint                   GraphEndpoint                           Type
----     ---------------                   -------------                           ----
China    https://login.chinacloudapi.cn    https://microsoftgraph.chinacloudapi.cn Built-in
Global   https://login.microsoftonline.com https://graph.microsoft.com             Built-in
USGov    https://login.microsoftonline.us  https://graph.microsoft.us              Built-in
USGovDoD https://login.microsoftonline.us  https://dod-graph.microsoft.us          Built-in

Connect-Entra -Environment 'Global'

When you use Connect-Entra, you can choose to target other environments. By default, Connect-Entra targets the global public cloud.

 Connect-Entra -ClientTimeout 60

Welcome to Microsoft Graph!

This example Sets the HTTP client timeout in seconds.

Connect-Entra -NoWelcome

This example hides the welcome message.

Connect-Entra -EnvironmentVariable

This example allows for authentication using environment variables.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.