Public/Connect/Connect-Graph.ps1

function Connect-Graph {
    [CmdletBinding()]
    param(

        [parameter(Mandatory, HelpMessage = "Use either format, tenant or tenant.onmicrosoft.com")]
        [ValidateNotNullOrEmpty()]
        [string] $Tenant,

        [Parameter()]
        [switch] $DeleteCreds

    )
    if ($Tenant -notmatch ".onmicrosoft.com") {
        $Tenant = $Tenant + ".onmicrosoft.com"
    }
    $host.ui.RawUI.WindowTitle = "Azure Tenant: $($Tenant.ToUpper())"
    $RootPath = $env:USERPROFILE + "\ps\"
    $KeyPath = $Rootpath + "creds\"

    if ($DeleteCreds) {
        Remove-Item ($KeyPath + "$($Tenant).AzureXml")
        break
    }
    # Create KeyPath Directory
    if (-not (Test-Path $KeyPath)) {
        Try {
            $null = New-Item -ItemType Directory -Path $KeyPath -ErrorAction STOP
        }
        Catch {
            throw $_.Exception.Message
        }
    }
    if (Test-Path ($KeyPath + "$($Tenant).AzureXml")) {
        [System.Management.Automation.PSCredential]$Script:AzureCredential = Import-Clixml ($KeyPath + "$($Tenant).AzureXml")
        $ClientID = $AzureCredential.GetNetworkCredential().username
        $Secret = $AzureCredential.GetNetworkCredential().Password

    }
    else {
        [System.Management.Automation.PSCredential]$Script:AzureCredential = Get-Credential -Message "Enter Application ID (client id) as Username and API Secret as Password"
        $AzureCredential | Export-Clixml ($KeyPath + "$($Tenant).AzureXml")
        $ClientID = $AzureCredential.GetNetworkCredential().username
        $Secret = $AzureCredential.GetNetworkCredential().Password
    }

    $loginRequest = @{
        Method = "Post"
        Body   = @{
            'client_id'     = $ClientID
            'client_secret' = $Secret
            'grant_type'    = 'client_credentials'
            'scope'         = 'https://graph.microsoft.com/.default'
            'resource'      = 'https://graph.microsoft.com/'
        }
        Uri    = "https://login.microsoftonline.com/$Tenant/oauth2/token"
    }

    try {
        $Session = Invoke-RestMethod @loginRequest
    }
    catch {
        Write-Error 'Could not get the session. incorrect app or account?'
        throw $_
    }

    $Session.access_token
}