Recently I fell in love with Microsoft Graph. 🙂 I was honored to be invited to MMSMOA to talk about Intune Graph with David Falkus and Timmy Andersson. We talked about what Microsoft Graph is, how to start using it, and how to use the Intune Graph PowerShell SDK. Last week, Tom Degreef asked if there is a PowerShell module for Microsoft Planner. So I did some research and got the idea of making my own PowerShell module for Microsoft Planner using Microsoft Graph. I have never uploaded anything to the PowerShell Gallery, so this will also fulfill an item on my bucket list. 🙂
Let’s break down some details of this module.
By default, the module uses a native application hosted in my own tenant. It uses the permissions Group.Read.All, Group.ReadWrite.All, User.Read and User.ReadBasic.All; these are the minimum permissions required to create Planner plans, buckets and tasks. However, I really hope you use your own application for this module, because that gives you more control over those permissions, and it also helps if you want to add more actions in your scripts. Here are the steps to create this native app.
- Go to your Azure Portal, click on Azure Active Directory, click on App registrations, then New registration.
- Enter a name, for example Planner PowerShell. For Supported account types, choose organizational directory only. You can also choose any organizational directory if you manage multiple tenants and want to use this app in all your tenants.
- For Redirect URI, choose Public client (mobile & desktop) and set the value to urn:ietf:wg:oauth:2.0:oob
- After registering the app, go to Authentication and change Default client type to Yes, so that this will be a public native client.
- Click on API permissions, choose Microsoft Graph, then add Delegated permissions: Group.Read.All, Group.ReadWrite.All, User.Read and User.ReadBasic.All
- (Optional but also necessary) Grant admin consent. This depends very much on your own environment and usage. Without admin consent, normal users aren’t able to run this application. If you are the only admin who uses this app, you don’t need to grant consent for others. But if you want another, non-admin person to use this module, you should grant admin consent. Because this uses delegated permissions, the required permissions will be a combination of 1) what the user has permissions to do and 2) what the application has permissions to do. (Read the details in this blog post: https://developer.microsoft.com/en-us/graph/blogs/30daysmsgraph-day-11-azure-ad-application-permissions/ )
- If you want to use connect-planner -Credential, you must grant admin consent.
- If you are using MFA, you cannot use connect-planner -Credential, because it won’t pop up the MFA authentication window.
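To confirm that your own app registration ends up with exactly the delegated scopes listed above, you can inspect the scp claim of an access token issued for it. The PowerShell below is an added example, not part of PlannerModule: the function names are hypothetical, and the sample token is constructed and unsigned, with a placeholder client ID.

```powershell
# Added example (not part of PlannerModule): compare the delegated scopes in a
# Graph access token with the four permissions this page lists for the module.
# Reads claims for auditing only; it does NOT validate the token signature.
$Expected = 'Group.Read.All', 'Group.ReadWrite.All', 'User.Read', 'User.ReadBasic.All'

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {          # restore the padding that JWTs strip
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw 'Invalid base64url length' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Test-PlannerTokenScope {     # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [string[]]$ExpectedScope = $Expected
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a three-part JWT' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    # Delegated tokens list scopes in 'scp' (space separated); app-only tokens use 'roles'.
    if (-not $claims.scp) { throw "No 'scp' claim: not a delegated token" }
    $granted = @($claims.scp -split ' ' | Where-Object { $_ })
    [pscustomobject]@{
        ClientId = $claims.appid      # 'appid' is the v1.0 claim name; v2.0 tokens use 'azp'
        Missing  = @($ExpectedScope | Where-Object { $_ -notin $granted })
        Extra    = @($granted | Where-Object { $_ -notin $ExpectedScope })
    }
}

# Constructed sample: unsigned token, placeholder client ID, one scope too many.
function ConvertTo-Base64Url([string]$Text) {
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{
    appid = '00000000-0000-0000-0000-000000000000'
    scp   = 'Group.Read.All Group.ReadWrite.All User.Read User.ReadBasic.All Mail.Read'
} | ConvertTo-Json -Compress
$sample = (ConvertTo-Base64Url '{"alg":"none"}'), (ConvertTo-Base64Url $payload), 'sig' -join '.'
Test-PlannerTokenScope -AccessToken $sample | Format-List
```

A non-empty Extra list means the registration has consent for more than the module needs; a non-empty Missing list means a permission was not added or consent was not granted.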
Update Planner Module environment
After registering your own app, copy its application client ID to your notes.
Then install the PlannerModule, and update the module to use your own application instead of the default one.
How to use this module
To begin with, this module is not 100% ready. There is no delete function yet. It can create plans, buckets and tasks, assign tasks to users, add checklists, add labels, assign labels, add descriptions, create Office 365 groups, and add users to Office 365 groups. It doesn’t handle “for each” objects; only Invoke-AssignPlannerTask can take an array with multiple items.
Here are some examples.
Hope you like this module. If you would like to contribute to this module, please make a pull request on my GitHub.