Tracking Microsoft Graph API Usage with PowerShell: A Guide for Admins

Track Microsoft Graph API usage by application across your tenant using PowerShell.

As organizations increasingly rely on Microsoft Graph to power their apps and services, understanding which applications are tapping into this powerful API becomes essential for security, governance, and optimization. That’s where the Graph API Usage Report Script steps in: a PowerShell-based solution designed to give administrators clear visibility into Graph API consumption across their tenant.

A good use case for this script is to track down which applications are making excessive API calls, potentially leading to throttling issues or security concerns. By identifying these applications, you can take proactive measures to optimize their usage or investigate unauthorized access. See this post for more details on Managing 429 Errors (throttling) in Microsoft Graph API.

This script not only tracks API usage but also resolves application GUIDs into human-readable names, making it easier to identify which apps are making calls to Microsoft Graph. Whether you’re an admin looking to audit app activity or a developer wanting to optimize your API calls, this tool is invaluable.


What Does the Script Do?

The script leverages the beta getApiUsage endpoint of Microsoft Graph to generate a detailed report of API usage. It retrieves raw usage data and enriches it by resolving application GUIDs into human-readable names, making the data both actionable and admin-friendly.

Whether you’re troubleshooting unexpected API spikes, auditing third-party integrations, or simply trying to understand your app landscape, this script delivers the insights you need.


Prerequisites

Clone this repository to get started:

https://github.com/mjfusa/get-graphapi-usage

Required Permissions

The script requires the following Microsoft Graph API permissions:

  • Reports.Read.All - To read usage reports
  • Application.Read.All - To read application information
  • Directory.Read.All - To read directory information

Required User Roles (for Microsoft Entra)

  • Reports Reader
  • Global Reader

Key Components

Install-Prerequisites.ps1

Before diving into usage tracking, you’ll need to ensure your environment is ready. The Install-Prerequisites.ps1 script installs the necessary Microsoft Graph PowerShell SDK modules:

Install-Module Microsoft.Graph.Authentication -Force
Install-Module Microsoft.Graph.Applications -Force
Install-Module Microsoft.Graph.Reports -Force

These modules enable authentication, application metadata retrieval, and access to usage reports: everything the main script depends on.


Get-GraphAPIUsage.ps1

This is the main script that does the heavy lifting. Here’s what it brings to the table:

  • Authentication Prompt: Secure sign-in with required permissions (Reports.Read.All, Application.Read.All, Directory.Read.All)
  • Usage Data Retrieval: Pulls usage metrics from the Graph API
  • App Name Resolution: Translates App IDs into recognizable names
  • Flexible Output: View results in the console or export to CSV
  • Summary Stats: Provides a quick overview of usage patterns
  • Error Handling: Gracefully manages permission issues, missing data, and API hiccups
  • Caching: Reduces redundant API calls by storing resolved app names during execution

Example Usage:

.\Get-GraphAPIUsage.ps1 -Days 7 -OutputPath "C:\Reports\GraphAPIUsage.csv"

[image: Graph API Usage Example]

This command fetches the last 7 days of usage and saves the report to a CSV file.


Output Snapshot

The report includes the following columns:

  • Date – When the API call occurred
  • ServiceArea – The Graph service area (e.g., Microsoft365, AzureAD)
  • TenantId – Your tenant’s unique identifier
  • AppId – The GUID of the calling application
  • AppName – The resolved name of the application
  • Usage – Number of API requests made

Example:

"Date","ServiceArea","TenantId","AppId","AppName","Usage"
"2025-08-03 00:00:00Z","Microsoft Exchange","d3d6872a-0e81-480f-88e4-8e625ee447ba","d8615cf7-11a7-4eae-9b2b-426a9c5e27b8","MessageCenterAgent-reg","13"
"2025-08-02 00:00:00Z","Microsoft Exchange","d3d6872a-0e81-480f-88e4-8e625ee447ba","de8bc8b5-d9f9-48b1-a8ad-b748da725064","Graph Explorer","1"
"2025-08-02 00:00:00Z","Microsoft Exchange","d3d6872a-0e81-480f-88e4-8e625ee447ba","d8615cf7-11a7-4eae-9b2b-426a9c5e27b8","MessageCenterAgent-reg","16"
"2025-08-02 00:00:00Z","Microsoft Exchange","d3d6872a-0e81-480f-88e4-8e625ee447ba","00000006-0000-0ff1-ce00-000000000000","Microsoft Office 365 Portal","7"
"2025-08-01 00:00:00Z","Microsoft Exchange","d3d6872a-0e81-480f-88e4-8e625ee447ba","d8615cf7-11a7-4eae-9b2b-426a9c5e27b8","MessageCenterAgent-reg","19"

Display in Excel

To visualize the data, you can easily open the CSV in Excel. This allows for quick filtering, sorting, and analysis of API usage patterns.

Here is the CSV data displayed in Excel: [image: Graph API Usage in Excel]

You can create pivot tables to summarize usage by application, service area, or date, helping you identify trends and anomalies at a glance.

Here is an example of a pivot table summarizing API usage by application: [image: Pivot Table Example]
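
The same per-application summary can be produced in PowerShell without Excel. The following is an added example, not part of the original post or the get-graphapi-usage repository; the function name Get-GraphUsageSummary, the $KnownAppIds allowlist and the $DailyThreshold value are assumptions for illustration.

```powershell
# Added example (not part of Get-GraphAPIUsage.ps1): per-app summary of the report CSV.
function Get-GraphUsageSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,   # output of Import-Csv / ConvertFrom-Csv
        [string[]] $KnownAppIds = @(),             # assumption: AppIds you have already reviewed
        [int] $DailyThreshold = 15                 # assumption: requests per day worth a look
    )
    $Rows | Group-Object AppId | ForEach-Object {
        $app = $_
        # An app can appear once per service area per day, so total each day first.
        $daily = $app.Group | Group-Object Date | ForEach-Object {
            ($_.Group | ForEach-Object { [int]$_.Usage } | Measure-Object -Sum).Sum
        }
        $stats = $daily | Measure-Object -Sum -Maximum
        [pscustomobject]@{
            AppName       = $app.Group[0].AppName
            AppId         = $app.Name
            DaysActive    = @($daily).Count
            TotalUsage    = [int]$stats.Sum
            PeakDaily     = [int]$stats.Maximum
            Unreviewed    = $app.Name -notin $KnownAppIds      # not on the allowlist
            OverThreshold = $stats.Maximum -gt $DailyThreshold # busiest day exceeds limit
        }
    } | Sort-Object TotalUsage -Descending
}

# Rows copied from the sample report on this page; use Import-Csv on your own file instead.
$rows = @'
"Date","ServiceArea","TenantId","AppId","AppName","Usage"
"2025-08-03 00:00:00Z","Microsoft Exchange","d3d6872a-0e81-480f-88e4-8e625ee447ba","d8615cf7-11a7-4eae-9b2b-426a9c5e27b8","MessageCenterAgent-reg","13"
"2025-08-02 00:00:00Z","Microsoft Exchange","d3d6872a-0e81-480f-88e4-8e625ee447ba","de8bc8b5-d9f9-48b1-a8ad-b748da725064","Graph Explorer","1"
"2025-08-02 00:00:00Z","Microsoft Exchange","d3d6872a-0e81-480f-88e4-8e625ee447ba","d8615cf7-11a7-4eae-9b2b-426a9c5e27b8","MessageCenterAgent-reg","16"
"2025-08-02 00:00:00Z","Microsoft Exchange","d3d6872a-0e81-480f-88e4-8e625ee447ba","00000006-0000-0ff1-ce00-000000000000","Microsoft Office 365 Portal","7"
"2025-08-01 00:00:00Z","Microsoft Exchange","d3d6872a-0e81-480f-88e4-8e625ee447ba","d8615cf7-11a7-4eae-9b2b-426a9c5e27b8","MessageCenterAgent-reg","19"
'@ | ConvertFrom-Csv

# Constructed allowlist: only the Microsoft Office 365 Portal AppId is treated as reviewed.
$known = @('00000006-0000-0ff1-ce00-000000000000')
Get-GraphUsageSummary -Rows $rows -KnownAppIds $known -DailyThreshold 15 |
    Format-Table -AutoSize
```

Rows with Unreviewed or OverThreshold set are the ones to follow up on: confirm who owns the app registration and whether its granted permissions match what it is calling.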

Summary of Key Benefits for Admins

  • Improved Security Oversight: Identify unauthorized or excessive API usage
  • Audit Readiness: Easily track which apps are accessing sensitive data
  • Performance Optimization: Spot usage trends and optimize resource allocation
  • Integration Clarity: Understand how internal and third-party apps interact with Microsoft Graph
  • Informed Decision-Making: Use data to guide licensing, permissions, and app lifecycle management

Conclusion

In this post, we’ve explored how to track Microsoft Graph API usage using PowerShell. By leveraging the Microsoft Graph PowerShell SDK, we can easily authenticate, retrieve usage data, and generate insightful reports. The key benefits for admins include improved security oversight, audit readiness, performance optimization, integration clarity, and informed decision-making.

By implementing the provided scripts and techniques, you can gain a deeper understanding of how your organization interacts with Microsoft Graph and make data-driven decisions to enhance your security posture and resource allocation.

Happy scripting!
