
Function Connect-MicrosoftGraphPS
    Connect to Microsoft Graph (requires PS-module Microsoft Graph minimum v2.x)
    Connect to Microsoft Graph using Azure App & Secret
    Connect to Microsoft Graph using Azure App & Certificate Thumprint
    Connect to Microsoft Graph using interactive login and scope
    Morten Knudsen, Microsoft MVP -
    This is the Azure app id
    .PARAMETER AppSecret
    This is the secret of the Azure app
    .PARAMETER TenantId
    This is the Azure AD tenant id
    .PARAMETER CertificateThumbprint
    This is the thumprint of the installed certificate
    .PARAMETER ShowMgContext
    switch to show the current Microsoft Graph context
    .PARAMETER ShowMgContextExpandScopes
    switch to show the Microsoft Graph permissions in the current context
    .PARAMETER Scopes
    Here you can define an array of permissions
    None. You cannot pipe objects
    Connection to Microsoft Graph ("welcome")
    # Microsoft Graph connect with AzApp & Secret
    Connect-MicrosoftGraphPS -AppId $global:HighPriv_Modern_ApplicationID_Azure `
                             -AppSecret $global:HighPriv_Modern_Secret_Azure `
                             -TenantId $global:AzureTenantID
    # Microsoft Graph connect with AzApp & CertificateThumprint
    Connect-MicrosoftGraphPS -AppId $global:HighPriv_Modern_ApplicationID_Azure `
                             -CertificateThumbprint $global:HighPriv_Modern_CertificateThumbprint_Azure `
                             -TenantId $global:AzureTenantID
    # Show Permissions in the current context
    Connect-MicrosoftGraphPS -ShowMgContextExpandScopes
    # Show context of current Microsoft Graph context
    Connect-MicrosoftGraphPS -ShowMgContext
    # Microsoft Graph connect with interactive login with the permission defined in the scopes
    $Scopes = @("DeviceManagementConfiguration.ReadWrite.All",`
    Connect-MicrosoftGraphPS -Scopes $Scopes

                [switch]$ShowMgContext = $false,
                [switch]$ShowMgContextExpandScopes = $false,

    # Microsoft Graph (MgGraph) connect with AzApp & AppSecret

    If ( ($AppId) -and ($AppSecret) -and ($TenantId) )
            $Disconnect = Disconnect-MgGraph -ErrorAction SilentlyContinue

            $AppSecretSecure = ConvertTo-SecureString $AppSecret -AsPlainText -Force
            $ClientSecretCredential = New-Object System.Management.Automation.PSCredential ($AppId, $AppSecretSecure)

            write-host "Connecting to Microsoft Graph using Azure App & Secret"
            Connect-MgGraph -TenantId $TenantId -ClientSecretCredential $ClientSecretCredential

    # Microsoft Graph (MgGraph) connect with AzApp & CertificateThumpprint
    ElseIf ( ($AppId) -and ($CertificateThumbprint) -and ($TenantId) )
            $Disconnect = Disconnect-MgGraph -ErrorAction SilentlyContinue

            write-host "Connecting to Microsoft Graph using Azure App & CertificateThumprint"
            Connect-MgGraph -TenantId $TenantId -ClientId $AppId -CertificateThumbprint $CertificateThumbprint
    # Microsoft Graph (MgGraph) connect using interactive connectivity
    ElseIf ($ShowMgContext)
            $Context = Get-MgContext
            Return $Context

    ElseIf ($ShowMgContextExpandScopes)
            $Context = Get-MgContext | Select -ExpandProperty Scopes
            Return $Context
            Connect-MgGraph -Scopes $Scopes

Function Connect-MicrosoftRestApiEndpointPS
Connect to REST API endpoint
Connect to REST API endpoint like
Morten Knudsen, Microsoft MVP -
This is the Uri for the REST endpoint in Microsoft Graph
This is the Azure app id
This is the secret of the Azure app
This is the Azure AD tenant id
None. You cannot pipe objects
Connection Header & Token
$ConnectAuth = Connect-MicrosoftRestApiEndpointPS -AppId $global:HighPriv_Modern_ApplicationID_O365 `
                                                  -AppSecret $global:HighPriv_Modern_Secret_O365 `
                                                  -TenantId $global:AzureTenantID `
                                                  -Uri ""


    $AppId = $global:HighPriv_Modern_ApplicationID_O365
    $AppSecret = $global:HighPriv_Modern_Secret_O365
    $TenantId = $global:AzureTenantID
    $Uri = ""

    # Get Token
        $oAuthUri = "$($TenantID)/oauth2/token"
        $authBody = [Ordered] @{
                                 resource = $Uri
                                 client_id = $AppId
                                 client_secret = $AppSecret
                                 grant_type = 'client_credentials'

        $AuthResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop

        $Token = $AuthResponse.access_token

    # Set the WebRequest headers
        $Headers = @{
                        'Content-Type' = 'application/json'
                        Accept = 'application/json'
                        Authorization = "Bearer $token"

    Return $Token, $Headers

Function Get-MgUser-AllProperties-AllUsers
Performs a Get-MgUser for all users retrieving all properties (except for certain properties which cannot be returned within a user collection).
Manager property is being expanded
Get all properties for all users
Expands manager information
Excludes certain properties which cannot be returned within a user collection in bulk retrieval (*)
The following properties are only supported when retrieving a single user: aboutMe, birthday, hireDate, interests, mySite, pastProjects, preferredName,
responsibilities, schools, skills, mailboxSettings, DeviceEnrollmentLimit, print, SignInActivity
Morten Knudsen, Microsoft MVP -
None. You cannot pipe objects
Returns the data
$Result = Get-MgUser-AllProperties-AllUsers
$Result | fl
$Result.ManagerProperties | fl


    # Building list of Properties from first user found in Entra ID (prior named Azure AD)
        $PropertiesRaw = Get-MgUser -Top 1 | Get-Member -MemberType Property | select -ExpandProperty Name

        Certain properties cannot be returned within a user collection.
        The following properties are only supported when retrieving a single user: aboutMe, birthday, hireDate, interests, mySite, pastProjects, preferredName,
        responsibilities, schools, skills, mailboxSettings.
        The following properties are not supported in personal Microsoft accounts and will be null: aboutMe, birthday, interests, mySite, pastProjects, preferredName,
        responsibilities, schools, skills, streetAddress.

        $PropertyExclude = @("MailboxSettings",`

    # Removing special properties from bulk-retrieval
        $Properties = $PropertiesRaw | Where-Object { ($_ -notin $PropertyExclude) }

    # Building array of properties to expand
        $PropertiesExpand = @("Manager")

    # Getting all data about users
        Write-Host "Getting all properties from all users in Entra ID (prior named Azure AD) .... Please Wait !"
        $EntraID_Users_ALL = Get-MgUser -All -Property $Properties -ExpandProperty $PropertiesExpand | Select-Object $Properties | `
                             Select *,@{Name = 'ManagerDisplayName'; Expression = {$_.Manager.AdditionalProperties.displayName}}, `
                                      @{Name = 'ManagerMail'; Expression = {$_.Manager.AdditionalProperties.mail}},`
                                      @{Name = 'ManagerProperties'; Expression = {$_.Manager.AdditionalProperties}}
        Return $EntraID_Users_ALL

Function InstallUpdate-MicrosoftGraphPS
    Install and Update MicrosoftGraphPS module
    Install latest version of MicrosoftGraphPS, if not found
    Updates to latest version of MicrosoftGraphPS, if switch (-AutoUpdate) is set
    Morten Knudsen, Microsoft MVP -
    .PARAMETER Scope
    Scope where MicrosoftGraphPS module will be installed - can be AllUsers or CurrentUser
    .PARAMETER AutoUpdate
    MicrosoftGraphPS module will be updated to latest version, if switch (-AutoUpdate) is set
    None. You cannot pipe objects
    Installation / Update status
    InstallUpdate-MicrosoftGraphPS -Scope AllUsers -AutoUpdate

              $Scope = "AllUsers",
              [switch]$AutoUpdate = $False

    # MicrosoftGraphPS
    $Module = "MicrosoftGraphPS"

    $ModuleCheck = Get-Module -Name $Module -ListAvailable -ErrorAction SilentlyContinue
        If (!($ModuleCheck))
                Write-host ""
                Write-host "Installing latest version of $($Module) from PsGallery in scope $($Scope) .... Please Wait !"

                Install-module -Name $Module -Repository PSGallery -Force -Scope $Scope
                import-module -Name $Module -Global -force -DisableNameChecking  -WarningAction SilentlyContinue
                # Check for any available updates

                    # Current version
                    $InstalledVersions = Get-module $Module -ListAvailable

                    $LatestVersion = $InstalledVersions | Sort-Object Version -Descending | Select-Object -First 1

                    $CleanupVersions = $InstalledVersions | Where-Object { $_.Version -ne $LatestVersion.Version }

                    # Online version in PSGallery (online)
                    $Online = Find-Module -Name $Module -Repository PSGallery

                    # Compare versions
                    if ( ([version]$Online.Version) -gt ([version]$LatestVersion.Version) ) 
                            Write-host ""
                            Write-host "Newer version ($($Online.version)) of $($Module) was detected in PSGallery"
                            Write-host ""
                            Write-host "Updating to latest version $($Online.version) of $($Module) from PSGallery ... Please Wait !"
                            Update-module $Module -Force
                            import-module -Name $Module -Global -force -DisableNameChecking  -WarningAction SilentlyContinue
                            # No new version detected ... continuing !
                            Write-host ""
                            Write-host "OK - Running latest version ($($LatestVersion.version)) of $($Module)"

                # Clean-up older versions, if found

                    $InstalledVersions = Get-module $Module -ListAvailable
                    $LatestVersion = $InstalledVersions | Sort-Object Version -Descending | Select-Object -First 1
                    $CleanupVersions = $InstalledVersions | Where-Object { $_.Version -ne $LatestVersion.Version }

                    Write-host ""
                    ForEach ($ModuleRemove in $CleanupVersions)
                            Write-Host "Removing older version $($ModuleRemove.Version) of $($ModuleRemove.Name) ... Please Wait !"

                            Uninstall-module -Name $ModuleRemove.Name -RequiredVersion $ModuleRemove.Version -Force -ErrorAction SilentlyContinue

                            # Removing left-overs if uninstall doesn't complete task
                            $ModulePath = (get-item $ModuleRemove.Path -ErrorAction SilentlyContinue).DirectoryName
                            if ( ($ModulePath) -and (Test-Path $ModulePath) )
                                    $Result = takeown /F $ModulePath /A /R
                                    $Result = icacls $modulePath /reset
                                    $Result = icacls $modulePath /grant Administrators:'F' /inheritance:d /T
                                    $Result = Remove-Item -Path $ModulePath -Recurse -Force -Confirm:$false

            } #If (!($ModuleCheck))

Function Invoke-MgGraphRequestPS
    Invoke command to get/put/post/patch/delete data using Microsoft Graph REST endpoint
    Get data using Microsoft Graph REST endpoint in case there is no PS-cmdlet available
    Morten Knudsen, Microsoft MVP -
    This is the Uri for the REST endpoint in Microsoft Graph
    .PARAMETER Method
    This is the method to handle the data (GET, PUT, DELETE, POST, PATCH)
    .PARAMETER OutPutType
    This is the output type
    None. You cannot pipe objects
    Returns the data
    # Method #1 - REST Endpoint
    $Uri = ""
    $Devices = Invoke-MgGraphRequestPS -Uri $Uri -Method GET -OutputType PSObject
    # Method #2 - MgGraph cmdlet (prefered method, if available)
    $Devices = Get-MgDeviceManagementManagedDevice

                [ValidateSet("GET", "DELETE", "POST", "PUT", "PATCH", IgnoreCase = $false)] 
                $Method = "GET",
                [ValidateSet("PSObject", "JSON", "HashTable", "HttpResponseMessage", IgnoreCase = $false)] 
                $OutputType = "PSObject"

    $Result       = @()
    $ResultsCount = 0

    $ResultsRaw   = Invoke-MGGraphRequest -Method $Method -Uri $Uri ?-OutputType $OutPutType

    $Result       += $ResultsRaw.value
    $ResultsCount += ($ResultsRaw.value | Measure-Object).count
    Write-host "[ $($ResultsCount) ] Getting data from $($Uri) using MgGraph"

    if (!([string]::IsNullOrEmpty($ResultsRaw.'@odata.nextLink'))) 
                            $ResultsRaw    = Invoke-MGGraphRequest -Method $Method -Uri $ResultsRaw.'@odata.nextLink' ?-OutputType $OutPutType
                            Write-host "Errors occured - waiting 3 sec and then retrying"
                            Sleep -Seconds 3

                    $ResultsCount += ($ResultsRaw.value | Measure-Object).count
                    $Result       += $ResultsRaw.value
                    Write-host "[ $($ResultsCount) ] Getting more data from $($Uri) using MgGraph"
            while (!([string]::IsNullOrEmpty($ResultsRaw.'@odata.nextLink'))) 
    Return $Result

Function Invoke-MicrosoftRestApiRequestPS
    Invoke command to get/put/post/patch/delete data using Microsoft REST API endpoint
    Get data using Microsoft REST API endpoint like GET
    Morten Knudsen, Microsoft MVP -
    This is the Uri for the REST endpoint in Microsoft Graph
    .PARAMETER Method
    This is the method to handle the data (GET, PUT, DELETE, POST, PATCH)
    .PARAMETER Header
    This is the Header coming from Connect-MicrosoftRestApiEndpointPS
    None. You cannot pipe objects
    Returns the data
    $Result = Invoke-MicrosoftRestApiRequestPS -Uri "" `
                                               -Method GET `
                                               -Headers $ConnectAuth[1]
    # Show Result

                [ValidateSet("GET", "DELETE", "POST", "PUT", "PATCH", IgnoreCase = $false)] 
                $Method = "GET",

    $Uri = ""
    $Method = "GET"
    $Headers = $ConnectAuth[1]

    $ResponseAllRecords = @()
            Write-host ""

                        $ResponseRaw = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $Headers
                        $ResponseAllRecords += $ResponseRaw.content
                        $ResponseRawJSON = ($ResponseRaw | ConvertFrom-Json)
                        $ResultsCount += ( ($ResponseRaw.content | ConvertFrom-Json).value | Measure-Object).count
                        Write-host "[ $($ResultsCount) ] Getting data from $($Uri) using REST Api endpoint"

                        if ($ResponseRawJSON.'@odata.nextLink')
                                $Uri = $ResponseRawJSON.'@odata.nextLink'
                                $Uri = $null

                        Write-host ""
                        Write-host "StatusCode: " $_.Exception.Response.StatusCode.value__
                        Write-host "StatusDescription:" $_.Exception.Response.StatusDescription
                        Write-host ""
                        if ($_.ErrorDetails.Message)
                                Write-host ""
                                Write-host "Inner Error: $_.ErrorDetails.Message"
                                Write-host ""
                        # check for a specific error so that we can retry the request otherwise, set the url to null so that we fall out of the loop
                        if ($_.Exception.Response.StatusCode.value__ -eq 403 )
                                # just ignore, leave the url the same to retry but pause first
                                if ($retryCount -ge $maxRetries)
                                        # not going to retry again
                                        $Uri = $null
                                        Write-host 'Not going to retry...'
                                        $retryCount += 1
                                        write-host ""
                                        Write-host "Retry attempt $retryCount after a $pauseDuration second pause..."
                                        Write-host ""
                                        Start-Sleep -Seconds $pauseDuration
                                    # not going to retry -- set the url to null to fall back out of the while loop
                                    $Uri = $null

    while (!([string]::IsNullOrEmpty($Uri)))

    $Result = ($ResponseAllRecords | ConvertFrom-Json).value

    Return $Result

Function Manage-Version-Microsoft.Graph
Version management of Microsoft.Graph PS modules
Installing latest version of Microsoft.Graph, if not found
Shows older installed versions of Microsoft.Graph
Checks if newer version if available from PSGallery of Microsoft.Graph
Automatic clean-up old versions of Microsoft.Graph
Update to latest version from PSGallery of Microsoft.Graph
Remove all versions of Microsoft.Graph
Morten Knudsen, Microsoft MVP -
Scope where MicrosoftGraphPS module will be installed - can be AllUsers (default) or CurrentUser
.PARAMETER CleanupOldMicrosoftGraphVersions
[switch] Removes old versions, if any found
.PARAMETER RemoveAllMicrosoftGraphVersions
[switch] Removes all versions of Microsoft.Graph (complete re-install)
.PARAMETER InstallLatestMicrosoftGraph
[switch] Install latest version of Microsoft.Graph from PSGallery, if new version detected
.PARAMETER ShowVersionDetails
[switch] Show version details (detailed)
None. You cannot pipe objects
Returns the data
# Show details of installed Microsoft.Graph
# Show details of installed Microsoft.Graph including version details
Manage-Version-Microsoft.Graph -ShowVersionDetails
# Show details of installed Microsoft.Graph and install latest (if found)
Manage-Version-Microsoft.Graph -InstallLatestMicrosoftGraph
# Show details of installed Microsoft.Graph and install latest (if found)
Manage-Version-Microsoft.Graph -InstallLatestMicrosoftGraph -Scope CurrentUser
# Force Re-install of Microsoft.Graph
Manage-Version-Microsoft.Graph -ForceReinstall -Scope AllUsers
# Show details of installed Microsoft.Graph and clean-up old versions (if found)
Manage-Version-Microsoft.Graph -CleanupOldMicrosoftGraphVersions
# Show details of installed Microsoft.Graph and remove all versions (complete re-install)
Manage-Version-Microsoft.Graph -RemoveAllMicrosoftGraphVersions
# Show details, install latest (if found) and clean-up old versions (if found)
Manage-Version-Microsoft.Graph -InstallLatestMicrosoftGraph -CleanupOldMicrosoftGraphVersions

                $Scope = "AllUsers",
                [switch]$CleanupOldMicrosoftGraphVersions = $false,
                [switch]$RemoveAllMicrosoftGraphVersions = $false,
                [switch]$InstallLatestMicrosoftGraph = $False,
                [switch]$ForceReinstall = $False,
                [switch]$ShowVersionDetails = $False


    # MicrosoftGraphPS - install/update/remove
    $Module = "MicrosoftGraphPS"

    Write-host "Checking module $($Module) ... Please Wait !"

    $ModuleCheck = Get-Module -Name $Module -ListAvailable -ErrorAction SilentlyContinue
        If (!($ModuleCheck))
                Write-host ""
                Write-host "Installing latest version of $($Module) from PsGallery in scope $($Scope) .... Please Wait !"

                Install-module -Name $Module -Repository PSGallery -Force -Scope $Scope
                import-module -Name $Module -Global -force -DisableNameChecking  -WarningAction SilentlyContinue
                # Check for any available updates

                    # Current version
                    $InstalledVersions = Get-module $Module -ListAvailable

                    $LatestVersion = $InstalledVersions | Sort-Object Version -Descending | Select-Object -First 1

                    $CleanupVersions = $InstalledVersions | Where-Object { $_.Version -ne $LatestVersion.Version }

                    # Online version in PSGallery (online)
                    $Online = Find-Module -Name $Module -Repository PSGallery

                    # Compare versions
                    if ( ([version]$Online.Version) -gt ([version]$LatestVersion.Version) ) 
                            Write-host ""
                            Write-host "Newer version ($($Online.version)) of $($Module) was detected in PSGallery"
                            Write-host ""
                            Write-host "Updating to latest version $($Online.version) of $($Module) from PSGallery ... Please Wait !"
                            Update-module $Module -Force
                            import-module -Name $Module -Global -force -DisableNameChecking  -WarningAction SilentlyContinue
                            # No new version detected ... continuing !
                            Write-host ""
                            Write-host "OK - Running latest version ($($LatestVersion.version)) of $($Module)"

                # Clean-up older versions, if found

                    $InstalledVersions = Get-module $Module -ListAvailable
                    $LatestVersion = $InstalledVersions | Sort-Object Version -Descending | Select-Object -First 1
                    $CleanupVersions = $InstalledVersions | Where-Object { $_.Version -ne $LatestVersion.Version }

                    Write-host ""
                    ForEach ($ModuleRemove in $CleanupVersions)
                            Write-Host "Removing older version $($ModuleRemove.Version) of $($ModuleRemove.Name) ... Please Wait !"

                            Uninstall-module -Name $ModuleRemove.Name -RequiredVersion $ModuleRemove.Version -Force -ErrorAction SilentlyContinue

                            # Removing left-overs if uninstall doesn't complete task
                            $ModulePath = (get-item $ModuleRemove.Path -ErrorAction SilentlyContinue).DirectoryName
                            if ( ($ModulePath) -and (Test-Path $ModulePath) )
                                    $Result = takeown /F $ModulePath /A /R
                                    $Result = icacls $modulePath /reset
                                    $Result = icacls $modulePath /grant Administrators:'F' /inheritance:d /T
                                    $Result = Remove-Item -Path $ModulePath -Recurse -Force -Confirm:$false

            } #If (!($ModuleCheck))


    # Parameter/Switch to force removal of all versions of Microsoft.Graph

    If ($RemoveAllMicrosoftGraphVersions)
            Write-host ""
            Write-Host "Removing all versions of Microsoft.Graph main module ... Please Wait !"
            Remove-Module Microsoft.Graph -Force -ErrorAction SilentlyContinue
            Uninstall-Module Microsoft.Graph -AllVersions -Force -ErrorAction SilentlyContinue

            # Remove all dependency modules from memory + uninstall
            $Retry = 0
                    $Retry = 1 + $Retry

                    $LoadedModules = Get-Module Microsoft.Graph.* -ListAvailable -ErrorAction SilentlyContinue | Where-Object { $_.Name -ne 'Microsoft.Graph.Authentication' }
                    $LoadedModules = $LoadedModules | Sort-Object -Property Name

                    # Modules found
                    If ($LoadedModules)
                            ForEach ($Module in $LoadedModules)
                                    Write-Host "Removing dependency module $($Module.Name) (version: $($Module.Version)) ... Please Wait !"
                                    Remove-Module -Name $Module.Name -force -ErrorAction SilentlyContinue
                                    Uninstall-Module -Name $Module.Name -force -ErrorAction SilentlyContinue

                                    # Sometimes uninstall-module doesn't clean-up correctly. This will ensure complete deletion of leftovers !
                                    $ModulePath = (get-item $Module.Path -ErrorAction SilentlyContinue).DirectoryName
                                    if ( ($ModulePath) -and (Test-Path $ModulePath) )
                                            $Result = takeown /F $ModulePath /A /R
                                            $Result = icacls $modulePath /reset
                                            $Result = icacls $modulePath /grant Administrators:'F' /inheritance:d /T
                                            $Result = Remove-Item -Path $ModulePath -Recurse -Force -Confirm:$false

                            $LoadedModules = Get-Module -Name "Microsoft.Graph.Authentication" -ListAvailable -ErrorAction SilentlyContinue
                            ForEach ($Module in $LoadedModules)
                                    Write-Host "Removing dependency module $($Module.Name) (version: $($Module.Version)) ... Please Wait !"
                                    Remove-Module -Name $Module.Name -force -ErrorAction SilentlyContinue
                                    Uninstall-Module -Name $Module.Name -force -ErrorAction SilentlyContinue

                                    # Sometimes uninstall-module doesn't clean-up correctly. This will ensure complete deletion of leftovers !
                                    $ModulePath = (get-item $Module.Path -ErrorAction SilentlyContinue).DirectoryName
                                    if ( ($ModulePath) -and (Test-Path $ModulePath) )
                                            $Result = takeown /F $ModulePath /A /R
                                            $Result = icacls $modulePath /reset
                                            $Result = icacls $modulePath /grant Administrators:'F' /inheritance:d /T
                                            $Result = Remove-Item -Path $ModulePath -Recurse -Force -Confirm:$false

                    # Verifying if all modules have been removed
                    $InstalledModules = Get-Module Microsoft.Graph.* -ErrorAction SilentlyContinue
            Until ( ($LoadedModules -eq $null) -or ($Retry -eq 5) )


    Write-host ""
    Write-Host "Checking if Microsoft.Graph is installed"
        $Installed = Get-module Microsoft.Graph.* -ListAvailable

        If ($Installed)
                Write-host ""
                Write-Host "OK - Microsoft.Graph was detected"
                $FoundGraph = $true
                Write-host ""
                Write-Host "Microsoft.Graph was not found on this computer. "
                $FoundGraph = $false
                $NewerVersionDetected = $false

        If ($FoundGraph -eq $true)
                Write-host ""
                Write-Host "Checking if you are running latest version of Microsoft.Graph from PSGallery ... Please Wait !"

                $InstalledVersions = Get-module Microsoft.Graph* -ListAvailable | Where-Object { ($_.ModuleType -eq "Manifest") -or ($_.ModuleType -eq "Script") }
                $InstalledVersionsCount = ( ($InstalledVersions | Group-Object -Property Version) | Measure-Object).count
                $LatestVersion = $InstalledVersions | Sort-Object Version -Descending | Select-Object -First 1

                If ($ShowVersionDetails)
                        Write-host ""
                        Write-Host "Installed versions of Microsoft.Graph are [ $($InstalledVersionsCount) ]"
                        $InstalledVersions | Group-Object -Property Version

                # Checking latest version in PSGallery
                $online = Find-Module -Name Microsoft.Graph -Repository PSGallery

                #compare versions
                $NewerVersionDetected = $false   # default
                if ( ([version]$online.version) -gt ([version]$LatestVersion.version) ) 
                        $NewerVersionDetected = $true
                        Write-host ""
                        Write-host "Newer version ($($online.version)) of Microsoft.Graph was detected in PSGallery"
                        # No new version detected ... continuing !
                        Write-host ""
                        Write-host "OK - Running latest version ($($LatestVersion.version)) of Microsoft.Graph"
                        $NewerVersionDetected = $false


                Write-host ""
                Write-Host "Checking if you have any older versions of Microsoft.Graph installed that may conflict and should be removed"

                $VersionsCleanup = $InstalledVersions | Where-Object { [version]$_.Version -lt [version]$Online.Version }
                $VersionsCleanupCount = ( ($VersionsCleanup | Group-Object -Property Version) | Measure-Object).count

                If ($VersionsCleanupCount -gt 0)
                        Write-Host ""
                        Write-Host "You have $VersionsCleanupCount older versions of Microsoft.Graph to remove"
                        Write-Host ""
                ElseIf ($VersionsCleanupCount -eq 0)
                        Write-Host ""
                        Write-Host "OK - You have no older versions of Microsoft.Graph installed"
                        Write-Host ""

                If ($ShowVersionDetails)
                        $VersionsCleanup | Select-Object Version


    # Update to latest version of Microsoft Graph - or install if missing
        # Update
        If ( ($InstallLatestMicrosoftGraph) -and ($NewerVersionDetected -eq $true) -and ($FoundGraph -eq $true) )
                Write-host ""
                Write-host "Updating to latest version $($online.version) of Microsoft.Graph from PSGallery ... Please Wait !"
                Update-module Microsoft.Graph -Force

        # Re-install
        ElseIf ( ($ForceReinstall -eq $true) -and ($FoundGraph -eq $true) )
                # Checking latest version in PSGallery
                $online = Find-Module -Name Microsoft.Graph -Repository PSGallery

                Write-host ""
                Write-Host "Re-installing latest version ($($online.version)) of Microsoft.Graph from PS Gallery ... Please Wait !"
                Install-module Microsoft.Graph -Scope $Scope -Force
        # New install
        ElseIf ( ($InstallLatestMicrosoftGraph) -and ($NewerVersionDetected -eq $false) -and ($FoundGraph -eq $false) )
                # Checking latest version in PSGallery
                $online = Find-Module -Name Microsoft.Graph -Repository PSGallery

                Write-host ""
                Write-Host "Installing latest version ($($online.version)) of Microsoft.Graph from PS Gallery ... Please Wait !"
                Install-module Microsoft.Graph -Scope $Scope -Force


    # Remove older versions of Microsoft.Graph

    If ( ($CleanupOldMicrosoftGraphVersions) -and ($VersionsCleanupCount -gt 0) )
            Write-host ""
            ForEach ($ModuleRemove in $VersionsCleanup)
                    Write-Host "Removing older version $($ModuleRemove.Version) of $($ModuleRemove.Name) ... Please Wait !"

                    Uninstall-module -Name $ModuleRemove.Name -RequiredVersion $ModuleRemove.Version -Force -ErrorAction SilentlyContinue

                    # Removing left-overs if uninstall doesn't complete task
                    $ModulePath = (get-item $ModuleRemove.Path -ErrorAction SilentlyContinue).DirectoryName
                    if ( ($ModulePath) -and (Test-Path $ModulePath) )
                            $Result = takeown /F $ModulePath /A /R
                            $Result = icacls $modulePath /reset
                            $Result = icacls $modulePath /grant Administrators:'F' /inheritance:d /T
                            $Result = Remove-Item -Path $ModulePath -Recurse -Force -Confirm:$false

