Recently I fall in love with Microsoft Graph. 🙂 I was honored invited to MMSMOA talk about Intune Graph with David Falkus and Timmy Andersson. We talked about what is Microsoft Graph, how to start use it and how to use Intune Graph PowerShell SDK. Last week,  Tom Degreef asked if there is PowerShell Module for Microsoft Planner. So I did some research, and got an idea that how about make my own PowerShell module for Microsoft Planner using Microsoft Graph. I have never upload anything to PowerShell Gallery, this will full fill my bucket list as well. 🙂

You can find the module directly from PowerShell Gallery and my Github

Let’s break down some details of this module.

Authentication

The module is using Native Application that hosted in my own tenant by default, it uses permission Group.Read.All, Group.ReadWrite.All, User.Read and User.ReadBasic.All, these are the minimum permission requirement to create Planner plans, buckets and tasks. But, I would really hope you use own application for this module, because it will give you more control of those permissions, or if you wants to add more actions in your scripts. Here are the steps how to create this native app.

  1. Go to your Azure Portal, Click on Azure Active Directory, click on App registrations, then New registration

  2. Input a name example Planner PowerShell. Supported account types choose organizational directory only. You can also use any organizational directory,  if you manage multiple tenants and wants use this app to all your tenants.
    Redirect URI, choose Public client (mobile & desktop), and value as urn:ietf:wg:oauth:2.0:oob

  3. After registered this app, go to Authentication, change Default client type from to Yes, so that this will be  a public native client

  4. Click on API permissions, choose Microsoft Graph, then add Delegated permissions: Group.Read.All, Group.ReadWrite.All, User.Read and User.ReadBasic.All

  5. (Optional but also necessary) Grant admin consent. This is very much depend on your own environment and usage. Without admin consent, normal users aren’t able to run this application. If you are the only admin who use this app, then you don’t need grant consent to others. But if you want another non-admin person use this module, you should grant admin consent. Because this is using delegated permission, the required permissions will be a combination of 1) what the user has permissions to do and 2) what the application has permissions to do. (Read the details from this blog https://developer.microsoft.com/en-us/graph/blogs/30daysmsgraph-day-11-azure-ad-application-permissions/ )

    NOTE:

    • if you want to use connect-planner -Credential , you must use Grant admin consent
    • if you are using MFA, then you cannot use connect-planner -Credential, because it won’t popup MFA authentication window

 

Update Planner Module environment

After register your own app, copy it’s application client ID to your note.

Then install the PlannerModule, and update the module to use your own application instead of the default one.

 

How to use this module

At first, this module is not 100% ready, there is no delete function yet, it can create plans, buckets, tasks, assign tasks to users, add checklist, add labels, assign labels, add descriptions, create Office 365 groups, add user to Office 365 groups.  It doesn’t handle “for each” objects, only the Invoke-AssignPlannerTask can add multiple array.

Here are some examples. Note: I will update those example in my Github.

# PlannerModule
PowerShell module for Microsoft Planner

#Examples:

#Check Planner PowerShell module

$PlannerModule = Get-Module -Name "PlannerModule" -ListAvailable

if ($PlannerModule -eq $null)
{
  Write-host "Planner PowerShell module not found, Start install the module"
  Install-Module "PlannerModule" -AllowClobber -Force
}


#Connect to Microsoft Planner

Connect-Planner -ForceNonInteractive True

#Definde variables
$GroupName = "A NewPlan 01"
$PlanName = "PowerShell Test Plan 03"
$BucketName = "PowerShell bucket"
$TaskName = "Test Task"

#Create new plan with Private O365 Group (this will also create new O365 Group), can also create public group
#$result01 = New-PlannerPlan -PlanName $PlanName -visibility Private
#$PlannerPlanID = $result01.id


#Create New Office 365 Group
$responde = New-AADUnifiedGroup -GroupName $GroupName -visibility Private
$GroupID = $($responde.id)

#sometimes there is delay creating the group.
Start-Sleep 10

#create new plan using exsiting O365 Group
$responde1 = New-PlannerPlanToGroup -PlanName $PlanName -GroupID $GroupID
$PlannerPlanID = $($responde1.id)

#Create new Bucket
$responde2 = New-PlannerBucket -PlanID $PlannerPlanID -BucketName $BucketName
$PlannerPlanBucketID = $responde2.id

#Create task
$responde3 = New-PlannerTask -PlanID $PlannerPlanID -TaskName $TaskName -BucketID $PlannerPlanBucketID -startDate "2019.6.3" -dueDate "2019.6.30"
$PlannerPlanTaskID = $responde3.id

#Assign task to users
Invoke-AssignPlannerTask -TaskID $PlannerPlanTaskID -UserPrincipalNames "[email protected]", "[email protected]"

#Add task check list
Add-PlannerTaskChecklist -TaskID $PlannerPlanTaskID -Title "Check1" -IsChecked $false
Add-PlannerTaskChecklist -TaskID $PlannerPlanTaskID -Title "Check2" -IsChecked $true
Add-PlannerTaskChecklist -TaskID $PlannerPlanTaskID -Title "Check3" -IsChecked $false

#add task description
Add-PlannerTaskDescription -TaskID $PlannerPlanTaskID -Description "This is test task created by powershell planner module"

#Add or update labels
Update-PlannerPlanCategories -PlanID $PlannerPlanID -category1 "Kieken" -category2 "smart" -category3 "very smart" -category4 "wise" -category5 "something"

#Assign Planner Task lables
Invoke-AssignPlannerTaskCategories -TaskID $PlannerPlanTaskID -category1 $false -category2 $true -category3 $true -category4 $false -category5 $false -category6 $false

 

Hope you like this module. 🙂

 

 

 

(2950)

comments
  • Jonas Hjalmarsson
    Posted at 08:20 July 24, 2019
    Jonas Hjalmarsson
    Reply
    Author

    Thanks for this! Great module. I only miss the -Credential argument on Connect-Planner to skip the manual login. Or is there another way around that?

    • Zeng Yinghua
      Posted at 13:35 July 25, 2019
      Zeng Yinghua
      Reply
      Author

      Hello Jonas, I just publish a newer version 1.0.2.1, that will allow you use Connect-Planner -$Credential. Example:

      $Cred = Get-Credential
      Connect-Planner -$Credential

      thanks,
      Sandy

  • Dieter Geiss
    Posted at 16:30 August 12, 2019
    Dieter Geiss
    Reply
    Author

    Dear Sandy,

    there is a typo in this function: “Update-PlannerModuelEnvironment”. I think the real name should be “Update-PlannerModuleEnvironment”. Would you mind to correct this? of course you have to update the description here since it uses that wrong name.

    Thanks
    Dieter

    • Zeng Yinghua
      Posted at 18:49 August 14, 2019
      Zeng Yinghua
      Reply
      Author

      Hello Dieter, another person also pointed out there is typo in function, but I didn’t want to remove the old function name, because I can’t know if anyone is using it already or not. If I change/delete that function, it might break other people’s script. I will properly add the correct one and update description in the old one.

      Thanks
      Sandy

  • Juan Tuhod
    Posted at 05:35 August 23, 2019
    Juan Tuhod
    Reply
    Author

    Hi,

    Do you have documentation that we can look at?

    • Zeng Yinghua
      Posted at 18:13 October 14, 2019
      Zeng Yinghua
      Reply
      Author

      I don’t have documentation of this PowerShell module, but the script is also on github as I mentioned in my blog post. If you don’t want install the module from powershell gallery, you can get it from github and modified it for your own usage.

  • Paul G
    Posted at 15:29 September 20, 2019
    Paul G
    Reply
    Author

    Is it possible to setup access with a client secret? I would like to automate adding some items to planner.

    • Zeng Yinghua
      Posted at 18:06 October 14, 2019
      Zeng Yinghua
      Reply
      Author

      Hello Paul,

      Good question! The module doesn’t support use client secret, because according to Microsoft Graph document (https://docs.microsoft.com/en-us/graph/api/planner-post-plans?view=graph-rest-beta&tabs=http), planner Graph API doesn’t support application permissions, which means it need to use credential for authentication, cannot just use client secret. But I am not 100% sure about it since you are asking, because I can see there is application permission for “Group.ReadWrite.All” available in Azure application API permission, so I can’t say for sure if it’s possible or not without testing more.

      Regards, Sandy

  • Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.