Getting 401 Unauthorized Error - MS Graph/PowerShell

Trying to get the hang of MS Graph in PowerShell. I have set up an app registration in Azure and can connect to Graph just fine.

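However, as soon as I try to query the Graph API, I get a 401 Unauthorized error. For the example below, I have added all possible Device/DeviceManagement permissions to the Azure app's API permissions. See the code below: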

[CmdletBinding()]
param (
    [Parameter()]
    [String]$Device
)

#Check if the module is installed
$GraphInstalled = Get-Module -ListAvailable -Name "Microsoft.Graph"
If (!$GraphInstalled) {
    Write-Host "Microsoft Graph module not found." -f Yellow
    Write-Host "Installing Microsoft Graph module. . ." -f Yellow
    Install-Module -Name "Microsoft.Graph" -Repository "PSGallery" -Force -AllowClobber
}

Write-Host "Connecting to MS Graph. . ." -f Yellow
$AppID = 'x'
$TenantID = 'x'
$Certificate = 'x'
Connect-MgGraph -ClientID $AppID -TenantID $TenantID -CertificateThumbprint $Certificate


function Get-AzureADDevice {

    [CmdletBinding()]
    param(
    [Parameter()]
    [String]$Name
    )

    $GraphVersion = "v1.0"
    $Header = @{

    Authorization = "$($Request.token_type) $($Request.access_token)"
    }
    
    try {

        $Resource = "Devices/?`$filter=devicename eq '$Device'"
        $Uri = "https://graph.microsoft.com/$GraphVersion/$($Resource)"

        (Invoke-RestMethod -Uri $Uri -Headers $Header -Method Get).Value

    }
    catch{

        Write-Host "An error occurred:"
        Write-Host "$_"

    }


}

Get-AzureADDevice -Name $Device

We have tested this in our environment and got the same 401 Unauthorized issue. We found that we do not need to add any external function for it; instead, we can use Get-MgDevice.

Below is the script we used:

[CmdletBinding()]
param (
    [Parameter()]
    [String]$Device
)

#Check if the module is installed
$GraphInstalled = Get-Module -ListAvailable -Name "Microsoft.Graph"
If (!$GraphInstalled) {
    Write-Host "Microsoft Graph module not found." -f Yellow
    Write-Host "Installing Microsoft Graph module. . ." -f Yellow
    Install-Module -Name "Microsoft.Graph" -Repository "PSGallery" -Force -AllowClobber
}

Write-Host "Connecting to MS Graph. . ." -f Yellow
$AppID = 'xxxxxxxxxxx'
$TenantID = 'xxxxxxxxx'
$Certificate = 'xxxxxxxxx'
Connect-MgGraph -ClientID $AppID -TenantID $TenantID -CertificateThumbprint $Certificate
Get-MgDevice -Filter "displayName eq '$Device'"

Output details for reference:
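
Added example, not part of the original question or answer: in the question's script `$Request` is never assigned, so the hand-built Authorization header carries no token, whereas `Invoke-MgGraphRequest` sends a raw Graph call over the session that `Connect-MgGraph` already established. The function name `Get-GraphDeviceByName` and the sample device name are hypothetical, and the sketch assumes `Connect-MgGraph` has already run.

```powershell
# Added example: raw Graph query that reuses the Connect-MgGraph session.
# Assumes the Microsoft.Graph.Authentication module is loaded.
function Get-GraphDeviceByName {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$Name,

        [ValidateSet('v1.0', 'beta')]
        [string]$GraphVersion = 'v1.0'
    )

    # Fail early when there is no Graph session, rather than sending an
    # unauthenticated request and getting a 401 back.
    $context = Get-MgContext
    if (-not $context) {
        throw 'No Graph session. Run Connect-MgGraph first.'
    }
    Write-Verbose "Auth type: $($context.AuthType); scopes/roles: $($context.Scopes -join ', ')"

    # OData string literals escape a single quote by doubling it, so a device
    # name containing ' cannot break out of the filter expression.
    $literal = $Name.Replace("'", "''")
    $filter  = [uri]::EscapeDataString("displayName eq '$literal'")
    $uri     = "https://graph.microsoft.com/$GraphVersion/devices?`$filter=$filter"

    try {
        # Invoke-MgGraphRequest attaches the session's access token itself,
        # so no Authorization header is built by hand.
        $response = Invoke-MgGraphRequest -Method GET -Uri $uri -ErrorAction Stop
        $response.value
    }
    catch {
        Write-Error "Graph request failed: $($_.Exception.Message)"
    }
}

# Constructed device name, chosen to exercise the quote escaping.
Get-GraphDeviceByName -Name "O'Brien-LT01" -Verbose
```

With `-Verbose`, the permissions granted to the session are printed before the request, which helps separate a missing-token 401 from a missing-permission 403.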