Hi Dave Richardson,

Please use the script below in the Automation Account.

Prerequisites:
- Azure App Registration:
  - Upload certificate (.cer).
  - Add required Graph Application permissions (e.g., User.Read.All, Mail.Send, etc.)
  - Grant Admin Consent.
- Export .pfx version of certificate and upload to:
  - Azure Automation → Shared Resources → Certificates.
- Azure Automation Runbook (PowerShell):

```powershell
$TenantId = "<tenant_id>"
$ClientId = "<app_id>"
$CertName = "GraphAutomationCert"

# Get certificate (with private key) from the Automation Account's shared resources
$cert = Get-AutomationCertificate -Name $CertName

# Set auth and scope
$authority = "https://login.microsoftonline.com/$TenantId"
$scope = "https://graph.microsoft.com/.default"

# Get-MsalToken is provided by the MSAL.PS module, which must be added to the
# Automation Account's modules; fail early if it cannot be loaded
Import-Module MSAL.PS -ErrorAction Stop

# Get an app-only token using MSAL and the certificate credential
$tokenResponse = Get-MsalToken -ClientId $ClientId `
    -TenantId $TenantId `
    -ClientCertificate $cert `
    -Scopes $scope
$accessToken = $tokenResponse.AccessToken

# Sample Graph API call: List users (returns the first page of results only)
$headers = @{
    Authorization = "Bearer $accessToken"
}
$response = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/users" `
    -Headers $headers -Method GET

$response.value | ForEach-Object {
    Write-Output "User: $($_.displayName), UPN: $($_.userPrincipalName)"
}
```

Please let me know if you face any challenges here; I can help you resolve this issue further.

Provide your valuable comments.

Please do not forget to "Accept the answer" and "upvote it" wherever the information provided helps you; this can be beneficial to other community members. It would be greatly appreciated and helpful to others.
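
Added example (not part of the original answer): before the runbook calls Graph with `$accessToken`, its claims can be decoded to confirm the app registration carries only the application permissions the job needs. `Test-GraphTokenRoles`, the allow-list and the sample token are assumptions for illustration; the check reads claims locally and does not validate the token's signature.

```powershell
# Added example: Test-GraphTokenRoles and all sample values are hypothetical.
function ConvertFrom-Base64Url([string]$Value) {
    $s = $Value.Replace('-', '+').Replace('_', '/')
    $s += '=' * ((4 - ($s.Length % 4)) % 4)   # restore stripped padding
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Test-GraphTokenRoles {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string]$ExpectedAppId,
        [Parameter(Mandatory)][string[]]$AllowedRoles
    )
    # Decode the JWT payload only; this inspects claims and does not verify the signature.
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Token is not a three-part JWT.' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json

    $findings = @()
    $appId = if ($claims.appid) { $claims.appid } else { $claims.azp }
    if ($appId -ne $ExpectedAppId) { $findings += "Issued to unexpected app: $appId" }

    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    if ($expires -le [DateTimeOffset]::UtcNow) { $findings += "Token expired at $expires" }

    $roles = @($claims.roles | Where-Object { $_ })
    if ($roles.Count -eq 0) { $findings += 'No application roles in token (admin consent missing?)' }
    $extra = @($roles | Where-Object { $_ -notin $AllowedRoles })
    if ($extra.Count -gt 0) { $findings += "Roles beyond allow-list: $($extra -join ', ')" }
    $findings
}

# Constructed sample token (unsigned, placeholder values) so the check runs offline.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{
    appid = '11111111-1111-1111-1111-111111111111'
    exp   = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
    roles = @('User.Read.All', 'Mail.Send', 'Directory.ReadWrite.All')
} | ConvertTo-Json -Compress
$header = ConvertTo-Base64Url '{"typ":"JWT","alg":"RS256"}'
$sample = '{0}.{1}.{2}' -f $header, (ConvertTo-Base64Url $payload), 'sig'

Test-GraphTokenRoles -AccessToken $sample -AllowedRoles 'User.Read.All' `
    -ExpectedAppId '11111111-1111-1111-1111-111111111111'
```

In the runbook, pass `$tokenResponse.AccessToken` and `$ClientId` instead of the constructed sample, and stop the job if any findings are returned.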