M365Corner

🔧 New: User Management Graph PowerShell Toolkit

Simplify user tasks like bulk creation, updates, password resets, deletions, license checks & more — all from one place.

🚀 Launch Toolkit
M365 PowerShell

Get-MgContext — Inspect Your Current Graph PowerShell Session

Get-MgContext shows details about your current Microsoft Graph PowerShell authentication/session—who you’re signed in as, the tenant, cloud environment, auth type (Delegated/App-only), and especially the Scopes you granted. It’s perfect for quick sanity checks and for scripts that need to assert required permissions before running.


Cmdlet Syntax

Get-MgContext
  • Returns the current Microsoft Graph context object (or nothing if you haven’t connected).

Usage Examples

Example 1: Get-MgContext

Get-MgContext

What you’ll see (common fields):

  • Account (signed-in identity)
  • TenantId
  • Environment (e.g., Global/GCCHigh/DoD)
  • AuthType (Delegated or AppOnly)
  • ClientId / CertificateName (for app-only/auth cert scenarios)
  • Scopes (delegated permissions granted in this session)

Example 2: List the granted scopes only

Get-MgContext | Select -ExpandProperty Scopes

Outputs the exact delegated scopes (e.g., User.Read.All, Group.Read.All) so you can confirm your session has what your script needs.


iii) Cmdlet Tips

  • Run after Connect-MgGraph: Use it immediately after connecting to verify tenant, environment, and scopes are correct.
  • Guard your scripts: Assert required scopes up front to fail fast with a helpful message:
    • $required = @('User.Read.All','Group.Read.All')
$granted  = Get-MgContext | Select -ExpandProperty Scopes
$missing  = $required | Where-Object { $_ -notin $granted }
if ($missing) {
 throw "Missing required scopes: $($missing -join ', '). Run: Connect-MgGraph -Scopes '$($required -join "','")'"
}
  • Check auth mode: AuthType tells you if you’re using Delegated (user-based) or AppOnly (client credentials). App-only sessions won’t have user delegated scopes.
  • Multi-tenant sanity check: In automation, confirm TenantId to avoid running in the wrong tenant.
  • Cloud awareness: Environment ensures you’re targeting the right national cloud (e.g., USGov, DoD).

iv) Possible Errors & Solutions

Error Cause Solution
No output / $null context You haven’t connected yet, or you disconnected Run Connect-MgGraph first. If needed, specify scopes: Connect-MgGraph -Scopes "User.Read.All","Group.Read.All".
PropertyNotFoundException on -ExpandProperty Scopes Context exists but Scopes is empty (e.g., app-only auth) or context is null For app-only, scopes won’t exist—check AuthType. For null, connect first. Guard with: `if ($ctx = Get-MgContext) { $ctx
Stale/wrong tenant shown Connected to another tenant earlier Reconnect explicitly: Disconnect-MgGraph; Connect-MgGraph -TenantId -Scopes ....
Missing permissions at runtime Granted scopes don’t include what your script needs Reconnect with full set: Connect-MgGraph -Scopes "User.Read.All","Group.Read.All",... or switch to App-only if appropriate and grant required app roles.
Running non-interactively fails No cached token / consent in automation Use app-only with certificate/secret and granted application permissions; then Get-MgContext will show AuthType = AppOnly.

v) Conclusion

Get-MgContext is your session health dashboard for Graph PowerShell. Use it to confirm who you’re authenticated as, which tenant/cloud you’re in, how you’re authenticated, and what scopes you actually have. Add quick assertions to your scripts to prevent permission surprises and ensure they run in the right tenant with the right access—every time.


Table of Contents

X

Table of Contents

Graph PowerShell Explorer Widget

20 Graph PowerShell cmdlets with easily accessible "working" examples.


Permission Required

Example:


                

                

                

                

                

            

        

    


 
            

        

    

    
    
    
    

        

            © m365corner.com. All Rights Reserved.
            Design by HTML Codex