<h1><a href='#getting-an-access-token-interactively-for-azure-ad-from-powershell'>Getting an Access Token interactively for Azure AD from Powershell</a></h1>

Getting an access token under your credentials is very useful in many scenarios for automation, specially when you are writing Powershell scripts. Unfortunately, this scenario is not well documented anywhere by Microsoft. 

I found a Powershell module that wraps MSAL and let you do exactly that. It took me some time to get it working, but here is you can do it.
<div class="highlight"><pre class="highlight powershell"><code>if (!(Get-Module "MSAL.PS")) {
 Import-Module "MSAL.PS"
}

$TokenResponse = Get-MsalToken -ClientId '&lt;Client ID here&gt; `
 -TenantId "&lt;Tenant ID here&gt; `
 -Interactive `
 -Scopes 'https://graph.microsoft.com/User.Read', 'https://graph.microsoft.com/Group.Read.All', 

$AccessToken = $TokenResponse.AccessToken
</code></pre></div>
You need to get one App Registration created, and assigned with the scopes you will use (Delegated Permissions). The ID for that App Registration is passed as the ClientId argument. 
In the example above, I am referencing some permissions from the Graph API to read the user profiles and groups.

# Getting an Access Token interactively for Azure AD from Powershell

Getting an access token under your credentials is very useful in many scenarios for automation, specially when you are writing Powershell scripts. Unfortunately, this scenario is not well documented anywhere by Microsoft. 

I found a Powershell module that wraps MSAL and let you do exactly that. It took me some time to get it working, but here is you can do it.

```powershell
if (!(Get-Module "MSAL.PS")) {
 Import-Module "MSAL.PS"
}

$TokenResponse = Get-MsalToken -ClientId '<Client ID here> `
 -TenantId "<Tenant ID here> `
 -Interactive `
 -Scopes 'https://graph.microsoft.com/User.Read', 'https://graph.microsoft.com/Group.Read.All', 

$AccessToken = $TokenResponse.AccessToken
``` 
You need to get one App Registration created, and assigned with the scopes you will use (Delegated Permissions). The ID for that App Registration is passed as the ClientId argument. 
In the example above, I am referencing some permissions from the Graph API to read the user profiles and groups.