Recently I fall in love with Microsoft Graph. 🙂 I was honored invited to MMSMOA talk about Intune Graph with David Falkus and Timmy Andersson. We talked about what is Microsoft Graph, how to start use it and how to use Intune Graph PowerShell SDK. Last week,  Tom Degreef asked if there is PowerShell Module for Microsoft Planner. So I did some research, and got an idea that how about make my own PowerShell module for Microsoft Planner using Microsoft Graph. I have never upload anything to PowerShell Gallery, this will full fill my bucket list as well. 🙂

You can find the module directly from PowerShell Gallery and my Github

Let’s break down some details of this module.


The module is using Native Application that hosted in my own tenant by default, it uses permission Group.Read.All, Group.ReadWrite.All, User.Read and User.ReadBasic.All, these are the minimum permission requirement to create Planner plans, buckets and tasks. But, I would really hope you use own application for this module, because it will give you more control of those permissions, or if you wants to add more actions in your scripts. Here are the steps how to create this native app.

  1. Go to your Azure Portal, Click on Azure Active Directory, click on App registrations, then New registration

  2. Input a name example Planner PowerShell. Supported account types choose organizational directory only. You can also use any organizational directory,  if you manage multiple tenants and wants use this app to all your tenants.
    Redirect URI, choose Public client (mobile & desktop), and value as urn:ietf:wg:oauth:2.0:oob

  3. After registered this app, go to Authentication, change Default client type from to Yes, so that this will be  a public native client

  4. Click on API permissions, choose Microsoft Graph, then add Delegated permissions: Group.Read.All, Group.ReadWrite.All, User.Read and User.ReadBasic.All

  5. (Optional but also necessary) Grant admin consent. This is very much depend on your own environment and usage. Without admin consent, normal users aren’t able to run this application. If you are the only admin who use this app, then you don’t need grant consent to others. But if you want another non-admin person use this module, you should grant admin consent. Because this is using delegated permission, the required permissions will be a combination of 1) what the user has permissions to do and 2) what the application has permissions to do. (Read the details from this blog )


    • if you want to use connect-planner -Credential , you must use Grant admin consent
    • if you are using MFA, then you cannot use connect-planner -Credential, because it won’t popup MFA authentication window


Update Planner Module environment

After register your own app, copy it’s application client ID to your note.

Then install the PlannerModule, and update the module to use your own application instead of the default one.


How to use this module

At first, this module is not 100% ready, there is no delete function yet, it can create plans, buckets, tasks, assign tasks to users, add checklist, add labels, assign labels, add descriptions, create Office 365 groups, add user to Office 365 groups.  It doesn’t handle “for each” objects, only the Invoke-AssignPlannerTask can add multiple array.

Here are some examples. Note: I will update those example in my Github.

# PlannerModule
PowerShell module for Microsoft Planner


#Check Planner PowerShell module

$PlannerModule = Get-Module -Name "PlannerModule" -ListAvailable

if ($PlannerModule -eq $null)
  Write-host "Planner PowerShell module not found, Start install the module"
  Install-Module "PlannerModule" -AllowClobber -Force

#Connect to Microsoft Planner

Connect-Planner -ForceNonInteractive True

#Definde variables
$GroupName = "A NewPlan 01"
$PlanName = "PowerShell Test Plan 03"
$BucketName = "PowerShell bucket"
$TaskName = "Test Task"

#Create new plan with Private O365 Group (this will also create new O365 Group), can also create public group
#$result01 = New-PlannerPlan -PlanName $PlanName -visibility Private
#$PlannerPlanID = $

#Create New Office 365 Group
$responde = New-AADUnifiedGroup -GroupName $GroupName -visibility Private
$GroupID = $($

#sometimes there is delay creating the group.
Start-Sleep 10

#create new plan using exsiting O365 Group
$responde1 = New-PlannerPlanToGroup -PlanName $PlanName -GroupID $GroupID
$PlannerPlanID = $($

#Create new Bucket
$responde2 = New-PlannerBucket -PlanID $PlannerPlanID -BucketName $BucketName
$PlannerPlanBucketID = $

#Create task
$responde3 = New-PlannerTask -PlanID $PlannerPlanID -TaskName $TaskName -BucketID $PlannerPlanBucketID -startDate "2019.6.3" -dueDate "2019.6.30"
$PlannerPlanTaskID = $

#Assign task to users
Invoke-AssignPlannerTask -TaskID $PlannerPlanTaskID -UserPrincipalNames "[email protected]", "[email protected]"

#Add task check list
Add-PlannerTaskChecklist -TaskID $PlannerPlanTaskID -Title "Check1" -IsChecked $false
Add-PlannerTaskChecklist -TaskID $PlannerPlanTaskID -Title "Check2" -IsChecked $true
Add-PlannerTaskChecklist -TaskID $PlannerPlanTaskID -Title "Check3" -IsChecked $false

#add task description
Add-PlannerTaskDescription -TaskID $PlannerPlanTaskID -Description "This is test task created by powershell planner module"

#Add or update labels
Update-PlannerPlanCategories -PlanID $PlannerPlanID -category1 "Kieken" -category2 "smart" -category3 "very smart" -category4 "wise" -category5 "something"

#Assign Planner Task lables
Invoke-AssignPlannerTaskCategories -TaskID $PlannerPlanTaskID -category1 $false -category2 $true -category3 $true -category4 $false -category5 $false -category6 $false


Hope you like this module. 🙂





  • Jonas Hjalmarsson
    Posted at 08:20 July 24, 2019
    Jonas Hjalmarsson

    Thanks for this! Great module. I only miss the -Credential argument on Connect-Planner to skip the manual login. Or is there another way around that?

    • Zeng Yinghua
      Posted at 13:35 July 25, 2019
      Zeng Yinghua

      Hello Jonas, I just publish a newer version, that will allow you use Connect-Planner -$Credential. Example:

      $Cred = Get-Credential
      Connect-Planner -$Credential


  • Dieter Geiss
    Posted at 16:30 August 12, 2019
    Dieter Geiss

    Dear Sandy,

    there is a typo in this function: “Update-PlannerModuelEnvironment”. I think the real name should be “Update-PlannerModuleEnvironment”. Would you mind to correct this? of course you have to update the description here since it uses that wrong name.


    • Zeng Yinghua
      Posted at 18:49 August 14, 2019
      Zeng Yinghua

      Hello Dieter, another person also pointed out there is typo in function, but I didn’t want to remove the old function name, because I can’t know if anyone is using it already or not. If I change/delete that function, it might break other people’s script. I will properly add the correct one and update description in the old one.


  • Juan Tuhod
    Posted at 05:35 August 23, 2019
    Juan Tuhod


    Do you have documentation that we can look at?

    • Zeng Yinghua
      Posted at 18:13 October 14, 2019
      Zeng Yinghua

      I don’t have documentation of this PowerShell module, but the script is also on github as I mentioned in my blog post. If you don’t want install the module from powershell gallery, you can get it from github and modified it for your own usage.

  • Paul G
    Posted at 15:29 September 20, 2019
    Paul G

    Is it possible to setup access with a client secret? I would like to automate adding some items to planner.

    • Zeng Yinghua
      Posted at 18:06 October 14, 2019
      Zeng Yinghua

      Hello Paul,

      Good question! The module doesn’t support use client secret, because according to Microsoft Graph document (, planner Graph API doesn’t support application permissions, which means it need to use credential for authentication, cannot just use client secret. But I am not 100% sure about it since you are asking, because I can see there is application permission for “Group.ReadWrite.All” available in Azure application API permission, so I can’t say for sure if it’s possible or not without testing more.

      Regards, Sandy

      • Helen
        Posted at 17:59 November 27, 2019


        I currently use Graph to create groups (see connect code below) and would now like to be able to create a stand alone planner from the group.
        My App is registered for GraphAPI with the following permissions:

        I have downloaded your module from PSGallery and have updated the planner env with my clientID.
        Each time I try Connect-Planner -ForceNonInteractive True I receive the following:
        Get-PlannerAuthToken : Cannot find an overload for “AcquireTokenAsync” and the argument count: “4”.

        Can you please let me know how I can connect to planner and what code I need to use to create a planner from the group I have created.

        • Helen
          Posted at 18:00 November 27, 2019

          Code to connect to Graph
          $ReqTokenBody = @{
          Grant_Type = “client_credentials”
          Scope = “”
          client_Id = $clientID
          Client_Secret = $clientSecret

          $TokenResponse = Invoke-RestMethod -Uri “$TenantName/oauth2/v2.0/token” -Method POST -Body $ReqTokenBody
          $accessToken = $TokenResponse.access_token

          • Zeng Yinghua
            Posted at 08:49 December 2, 2019
            Zeng Yinghua

            Hello, Planner graph API is not support application permission, so I don’t think it will work with client secret. Can you try uninstall AzureAD module, then reinstall AzureAD module?

  • Leave a Reply to Zeng Yinghua
    Cancel Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.