Using Invoke-MgGraphRequest to Get All Apps Installed in Teams
The Invoke-MgGraphRequest cmdlet is a versatile tool in Microsoft Graph PowerShell that allows you to make custom API requests. This article explains how to use it to retrieve all apps installed in a Microsoft Team. Though Get-MgTeamInstalledApp is available, Invoke-MgGraphRequest provides additional flexibility for custom API calls. Let's explore the syntax, examples, and tips for using this cmdlet effectively.
Cmdlet Syntax
Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/teams/{team-id}/installedApps"Replace {team-id} with the actual ID of the Microsoft Team from which you want to retrieve installed apps.
Usage Examples
Example 1: Get All Apps Installed in a Specific Team
This command retrieves all apps installed in the team with the specified ID.
$teamId = "6903fa93-605b-43ef-920e-77c4729f8258"
Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/teams/$teamId/installedApps"
Cmdlet Tips
- Token Expiry: Make sure your session has a valid authentication token by logging in with
Connect-MgGraphbefore making API calls. - Permissions: Ensure that the required permissions (e.g.,
TeamsApp.Read.AllorTeamsAppInstallation.ReadForUser.All) are granted to your app or account. - Pagination: If the result set is large, handle pagination by following the
@odata.nextLinkproperty to retrieve additional pages.
Possible Errors & Solutions
Error: "Access Denied" (403 Forbidden)
Cause: Insufficient permissions to list the installed apps in the team.
Solution: Ensure you have the correct permissions. You may need to grant the appropriate permissions in Azure AD.
Error: "Invalid Team ID" (400 Bad Request)
Cause: The team ID is incorrect or malformed.
Solution: Verify the team ID using Get-MgTeam or Get-MgGroup to retrieve the correct ID.
Error: "Rate Limit Exceeded" (429 Too Many Requests)
Cause: Microsoft Graph's throttling limit has been exceeded.
Solution: Implement retry logic by waiting for a specified period before retrying. Use the Retry-After header to determine the recommended wait time.
Use Cases
1. Monitoring Installed Apps in Teams
Administrators can use this cmdlet to monitor installed apps and ensure compliance with internal policies by comparing installed apps against an approved list.
$approvedApps = @("com.microsoft.todo", "com.microsoft.powerbi")
$installedApps = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/teams/$teamId/installedApps"
$nonApprovedApps = $installedApps.value | Where-Object { $_.'teamsApp@odata.bind' -notin $approvedApps }2. Generating Reports on App Usage in Teams
Use Invoke-MgGraphRequest to gather data on app installations across teams, then generate reports to analyze app usage trends.
$teamIds = @("teamId1", "teamId2", "teamId3")
foreach ($teamId in $teamIds) {
$installedApps = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/teams/$teamId/installedApps"
$appReport += $installedApps.value | Select-Object @{n='TeamId'; e={$teamId}}, 'teamsApp@odata.bind'
}
$appReport | Export-Csv -Path "AppUsageReport.csv" -NoTypeInformationConclusion
The Invoke-MgGraphRequest cmdlet is a powerful tool for making custom API requests not covered by specific Graph PowerShell cmdlets. By using it to list apps installed in Microsoft Teams, administrators can automate app monitoring, ensure compliance, and generate useful reports. Its flexibility makes it invaluable for working with the full spectrum of Microsoft Graph APIs, allowing for advanced customization in managing Teams environments.