Evotec

Project

O365Essentials

A module that helps to manage some tasks on Office 365/Azure via undocumented API

View on GitHub Releases Get package
Stars146
Forks23
Open issues3
PowerShell Gallery downloads29951
Releasev1.0.2
Language: PowerShell Updated: 2026-06-23T11:40:32.0000000+00:00

Curated Examples

Connect with WAM and explicit Graph scopes

Use O365Essentials with Windows Web Account Manager for MFA-aware sign-in and Graph scope consent.

This pattern is useful when MFA is required, when the wrong cached Windows account is selected, or when a Graph command needs a delegated scope that is not already present in the token cache.

It is adapted from Examples/ConnectO365AdminWam.ps1.

Example

Import-Module O365Essentials

$TenantId = '00000000-0000-0000-0000-000000000000'
$Credential = Get-Credential -UserName 'admin@contoso.com' -Message 'Enter the account to use as the WAM login hint'

$Headers = Connect-O365Admin `
    -UseWam `
    -Credential $Credential `
    -Tenant $TenantId `
    -ForceRefresh `
    -GraphScope 'Policy.Read.All' `
    -Verbose

Get-O365AzureConditionalAccessLocation -Headers $Headers -Verbose

What this demonstrates

  • using WAM instead of legacy OAuth cache seeding
  • using a credential username as a WAM login hint without sending the password to Graph
  • forcing the account picker when the Windows cache picked the wrong identity
  • requesting the Graph scope required by the command

Source