Connecting to foreign Intune tenants with Microsoft Graph and PowerShell


If you manage multiple Intune tenants with a single Azure AD account (invited as a guest in the foreign tenants), you need a way to specify the ID of the tenant you want to connect to. Otherwise you will land in your home tenant every time. This post shows you how to accomplish that with the Intune PowerShell SDK.

If you look at the default Graph settings in a PowerShell session with the Intune PowerShell SDK, you will notice that all authentication requests go to the /common endpoint.

    Get-MSGraphEnvironment
    
    AuthUrl : https://login.microsoftonline.com/common
    ResourceId : https://graph.microsoft.com/
    GraphBaseAddress : https://graph.microsoft.com
    AppId : d1ddf0e4-d672-4dae-b554-9d5bdfd93547
    RedirectLink : urn:ietf:wg:oauth:2.0:oob
    SchemaVersion : v1.0

To connect to a specific tenant we need to update the AuthUrl to contain the tenant id or any registered domain name of the target tenant before connecting:

    Update-MSGraphEnvironment -AuthUrl "https://login.microsoftonline.com/nicolonsky.ch"

Afterwards you can connect to Microsoft Graph as usual:

    Connect-MSGraph
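The two steps above can be wrapped so that a script stops if it did not land in the tenant it expected. This is an added example, not code from the original post or from the Intune PowerShell SDK: `Connect-IntuneTenant` is a hypothetical helper name, and it assumes `Connect-MSGraph` emits an object with `UPN` and `TenantId` properties.

```powershell
# Added example: hypothetical helper, not part of the Intune PowerShell SDK.
function Connect-IntuneTenant {
    [CmdletBinding()]
    param(
        # Tenant id (GUID) or a registered domain name of the target tenant.
        # The value is placed into the authority URL, so only these two
        # shapes are accepted (no slashes, spaces or query strings).
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$|^([a-z0-9-]+\.)+[a-z]{2,}$')]
        [string]$Tenant
    )

    # Remember the current endpoint so a failed sign-in does not leave the
    # session pointing at a tenant we never authenticated against.
    $previousAuthUrl = (Get-MSGraphEnvironment).AuthUrl
    Update-MSGraphEnvironment -AuthUrl "https://login.microsoftonline.com/$Tenant" | Out-Null

    try {
        $session = Connect-MSGraph -ErrorAction Stop
    }
    catch {
        Update-MSGraphEnvironment -AuthUrl $previousAuthUrl | Out-Null
        throw
    }

    # Assumption: Connect-MSGraph emits an object with UPN and TenantId.
    # When a GUID was requested, refuse to continue on a mismatch.
    $expected = [guid]::Empty
    if ([guid]::TryParse($Tenant, [ref]$expected) -and $session.TenantId -and
        ([guid]$session.TenantId -ne $expected)) {
        Update-MSGraphEnvironment -AuthUrl $previousAuthUrl | Out-Null
        throw "Signed in to tenant $($session.TenantId), expected $Tenant."
    }

    # Return what the session is bound to, for logging before any changes.
    [pscustomobject]@{
        AuthUrl  = (Get-MSGraphEnvironment).AuthUrl
        Upn      = $session.UPN
        TenantId = $session.TenantId
    }
}

# Domain taken from the post's own example; replace with your target tenant.
Connect-IntuneTenant -Tenant 'nicolonsky.ch'
```

When the tenant is given as a domain name, the helper cannot compare ids, so check the returned `TenantId` against the one you expect before running any changes.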

Happy Microsoft Graph-ing with multiple tenants.
