Microsoft Graph Deep Dive Series — Part 4 — SharePoint 1

This quick reference guide is designed for SharePoint system administrators who are new to Microsoft Graph PowerShell. Each section contains simple, practical commands that you can use immediately to manage SharePoint Online and OneDrive for Business.

SharePoint Site & Library Operations

In this section, we need a registered Entra ID application to execute commands against different SharePoint sites. It is required for all the commands that follow. The registration steps are detailed next.

Register Entra ID Application

  • Connect to Entra ID: https://entra.microsoft.com/
  • Select “App Registration” -> “New Registration”
  • Give your new app a name
  • Select “Accounts in this organizational directory only (GlobalITnow only – Single tenant)”
  • Click “Register”

Copy the Client ID and Tenant ID into Notepad; we’ll use them in the connection script later.

  • Go to Certificates & Secrets -> Client Secrets -> New Client Secret
  • Give your secret a name and select an expiration period
  • Click “Add”

Copy the generated secret into Notepad alongside the previously copied Client ID and Tenant ID.

  • Now, we need to assign permissions to our registered Entra ID app
  • Go to “API Permissions” -> “+ Add a permission”
  • Select Microsoft API -> Microsoft Graph

Select “Application Permissions”, then add these permissions one by one:

  • Sites.ReadWrite.All, Files.ReadWrite.All, User.Read.All
  • Select “Grant Admin consent”, then click “Yes”.
  • You’ll see all permissions turn green.
  • Now you’re done with the Entra ID application registration. Let’s see how to connect to it and how to run the commands.

Install Required Modules

Install-Module Microsoft.Graph -Scope CurrentUser -Force
Import-Module Microsoft.Graph

Authentication with App Registration

This script connects to Microsoft Graph as our Entra ID application (SharePoint-Test-App in my case).

You just need to change the first 3 variables, then execute:

# -------------------------------------------------- Change these variables -----------------------------------------
# Connect using app credentials
$TenantId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
$ClientId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
$ClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# -------------------------------------------------- Nothing to change here -----------------------------------------
$Scope = "https://graph.microsoft.com/.default"
$AuthUrl = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
$Body = @{
    client_id = $ClientId
    scope = $Scope
    client_secret = $ClientSecret
    grant_type = "client_credentials"
}
$Connection = Invoke-RestMethod -Method POST -Uri $AuthUrl -Body $Body -ContentType "application/x-www-form-urlencoded"
$AccessToken = $Connection.access_token

# Convert token to SecureString
$SecureToken = ConvertTo-SecureString -String $AccessToken -AsPlainText -Force

# Use the token for authentication
Connect-MgGraph -AccessToken $SecureToken
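
To confirm which application permissions the token obtained above actually carries, the following added example (not part of the original article) decodes the token payload and compares its roles claim with the three permissions granted during registration. The function names and the sample token are constructed for illustration; the signature is not verified, so use this as a diagnostic only.

```powershell
# Added example: read the claims of an app-only Graph token (no signature check).
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a JWT: expected 3 dot-separated parts." }
    # base64url -> base64, then restore the stripped padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } 1 { throw "Bad base64url length." } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-GraphAppToken {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string[]]$ExpectedRoles
    )
    $claims  = ConvertFrom-JwtPayload -Token $Token
    $granted = @($claims.roles | Where-Object { $_ })   # app permissions appear in "roles"
    [pscustomobject]@{
        AppId      = if ($claims.appid) { $claims.appid } else { $claims.azp }
        TenantId   = $claims.tid
        ExpiresUtc = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
        Granted    = $granted
        Missing    = @($ExpectedRoles | Where-Object { $_ -notin $granted })
        Unexpected = @($granted | Where-Object { $_ -notin $ExpectedRoles })
    }
}

# Constructed sample token (unsigned, placeholder IDs) so the example runs offline.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{ appid = '00000000-0000-0000-0000-000000000001'; tid = '00000000-0000-0000-0000-000000000002'
              exp = 1767225600
              roles = @('Sites.ReadWrite.All', 'Files.ReadWrite.All', 'User.Read.All', 'Mail.Read') } |
           ConvertTo-Json -Compress
$sample = '{0}.{1}.{2}' -f (ConvertTo-Base64Url '{"alg":"none"}'), (ConvertTo-Base64Url $payload), 'sig'

# With a live token, pass $AccessToken instead of $sample.
Test-GraphAppToken -Token $sample -ExpectedRoles 'Sites.ReadWrite.All', 'Files.ReadWrite.All', 'User.Read.All'
```

For the constructed token, Missing is empty and Unexpected contains Mail.Read, the extra role placed in the sample to show how a permission beyond the intended three would surface.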

Site Discovery and Basic Information

List All SharePoint Sites

Permissions: Sites.Read.All

This command lists all SharePoint sites in your tenant.

# Get all sites in your tenant
Get-MgSite -All | Select-Object DisplayName, WebUrl, CreatedDateTime

Search for Specific Sites

Permissions: Sites.Read.All

This command searches for a specific site by its full name or by part of its name.

# Search sites by name
Get-MgSite -Search "Team" | Select-Object DisplayName, WebUrl

Get Site Details by URL

Permissions: Sites.Read.All

# Get specific site information
# -All pages through every site so the match is not limited to the first page of results
$Site = Get-MgSite -All | where WebUrl -EQ "https://tenant.sharepoint.com/sites/teamsite"
$Site | Select-Object DisplayName, Description, CreatedDateTime

Check Site Storage Usage

Permissions: Sites.Read.All

# Get site storage information for a specific SharePoint site
$SiteURL = "<SharePoint Site URL>"
$SiteId = (Get-MgSite -All | where WebUrl -EQ $SiteURL).Id
# Quota.Used is reported in bytes; convert to GB and keep the first drive's value
$UsedSpace = Get-MgSiteDrive -SiteId $SiteId | Select-Object @{Name="UsedGB";Expression={[math]::Round($_.Quota.Used / 1GB, 2)}} | Select-Object -First 1
Write-Host "Used Space for $SiteURL = $($UsedSpace.UsedGB) GB" -ForegroundColor Green

Document Library Management

List All Document Libraries in a Site

Permissions: Sites.Read.All

# Get all document libraries in a specific SharePoint site
$SiteURL = "<SharePoint Site URL>"
$SiteId = (Get-MgSite -All | where WebUrl -EQ $SiteURL).Id
Get-MgSiteDrive -SiteId $SiteId | Select-Object Name, DriveType, WebUrl

List Files in Document Library

Permissions: Files.Read.All

# List files in the root of a document library (here: Project1-Documents)
$SiteURL = "<SharePoint Site URL>"
$SiteId = (Get-MgSite -All | where WebUrl -EQ $SiteURL).Id
$DriveId = (Get-MgSiteDrive -SiteId $SiteId | where Name -EQ "Project1-Documents").Id
Get-MgDriveRootChild -DriveId $DriveId | Select-Object Name, Size, LastModifiedDateTime

Upload File to SharePoint Library

Permissions: Files.ReadWrite.All

# Upload a file to SharePoint Library
$SiteURL = "<SharePoint Site URL>"

# Library Name
$LibraryName = "Project1-Documents"

# Path of the input file to be uploaded to SharePoint
$DocumentPath = "C:\temp\document1.txt"
$SiteId = (Get-MgSite -All | where WebUrl -EQ $SiteURL).Id
$DriveId = (Get-MgSiteDrive -SiteId $SiteId | where Name -EQ $LibraryName).Id
Set-MgDriveItemContent -DriveId $DriveId -DriveItemId "root:/document1.txt:" -InFile $DocumentPath

Download File from SharePoint Library

Permissions: Files.Read.All

# Download a file from a SharePoint library
# Site URL
$SiteURL = "https://globalitnow.sharepoint.com/sites/Finance"

# Library Name
$LibraryName = "Project1-Documents"

# SharePoint File Name
$SharePointFileName = "PowerShell-7.5.1-win-x64.msi"

# Path of output file
$DocumentPath = "C:\temp\PowerShell-7.5.msi"
$SiteId = (Get-MgSite -All | where WebUrl -EQ $SiteURL).Id
$DriveId = (Get-MgSiteDrive -SiteId $SiteId | where Name -EQ $LibraryName).Id
Get-MgDriveItemContent -DriveId $DriveId -DriveItemId "root:/$($SharePointFileName):" -OutFile $DocumentPath

Create Folder in Document Library

Permissions: Files.ReadWrite.All

# Create new folder
# Parameters
$SiteURL = "<SharePoint Site URL>"
$LibraryName = "<Library Name>"
$NewFolder = "<New Folder Name>"

# Retrieve the site and library (drive) IDs
$SiteId = (Get-MgSite -All | Where-Object { $_.WebUrl -eq $SiteURL }).Id
$DriveId = (Get-MgSiteDrive -SiteId $SiteId | Where-Object { $_.Name -eq $LibraryName }).Id
$Body = @{
    name = $NewFolder
    folder = @{
        childCount = 0 # Number of children (required, even if empty)
    }
    "@microsoft.graph.conflictBehavior" = "rename"
}
# Create New Folder
New-MgDriveItemChild -DriveId $DriveId -DriveItemId "root" -BodyParameter $Body

Thanks

Aymen EL JAZIRI (Microsoft MVP)