AzureAD / MSAL.PS

MIT License

Missing function for fetching group members using msal token #49

Closed kaushalbcactus closed 2 years ago

kaushalbcactus commented 2 years ago

Reporting an Issue or Missing Feature: There is no function (or I am unable to find one) to fetch group members using an MSAL token, and 'Get-AzureADGroupMember' does not work since it works for AAD Graph access only and not with MSAL (MS Graph) access.

  1. The Get-AzureADMSGroup command is working.
  2. Get-AzureADGroupMember is not working and displays the error below.

Expected behavior: There should be a function to fetch group members using an MSAL token.

Actual behavior: Unable to fetch the members of the group; the call fails with the error shown in the attached screenshot.

Steps to reproduce behavior:

```powershell
# Sign in to Az with a service principal (placeholder values)
$azureApplicationId = "xxx"
$azureTenantId = "xxx"
$azurePassword = ConvertTo-SecureString "xxx" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureApplicationId, $azurePassword)
Connect-AzAccount -Credential $psCred -Tenant $azureTenantId -ServicePrincipal

# Obtain an AAD Graph (graph.windows.net) token from the Az session
$context = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext
$aadToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, "https://graph.windows.net").AccessToken

# Obtain an MS Graph token with MSAL.PS (client credentials)
$connectionDetails = @{
    'TenantId'     = 'xxx'
    'ClientId'     = 'xxx'
    'ClientSecret' = 'xxx' | ConvertTo-SecureString -AsPlainText -Force
}

$mstoken = Get-MsalToken @connectionDetails
Connect-AzureAD -AadAccessToken $aadToken -MsAccessToken $mstoken.AccessToken -AccountId $context.Account.Id -TenantId $context.Tenant.Id
$group = Get-AzureADMSGroup -Filter "Mail eq 'xxx'" # where xxx is the group's email address
$groupMembers += Get-AzureADGroupMember -ObjectId $group.Id   # this call fails
```

jazuntee commented 2 years ago

You can request a token for MS Graph to pull groups by using the "User.Read.All", "Group.Read.All" scopes. However, I would suggest using the Microsoft Graph PowerShell SDK modules instead.
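The approach jazuntee describes, as an added example that is not from this thread or from the MSAL.PS project: acquire a Microsoft Graph token with MSAL.PS and list a group's members directly through the Graph REST API. It goes slightly beyond the comment by showing the scope that the issue's client-credentials flow actually needs and by following Graph's paging links. Assumptions: MSAL.PS is installed, the app registration has the Group.Read.All application permission with admin consent, the client secret is supplied through a hypothetical GRAPH_CLIENT_SECRET environment variable rather than inline, and the tenant id, client id and group mail are placeholders.

```powershell
# Added example (not part of the issue or the MSAL.PS project).
# Assumes: MSAL.PS installed; app registration granted the Group.Read.All
# *application* permission with admin consent; secret read from the
# hypothetical environment variable GRAPH_CLIENT_SECRET; placeholder ids.
Import-Module MSAL.PS

$tenantId     = 'xxx'   # placeholder tenant id
$clientId     = 'xxx'   # placeholder application (client) id
$clientSecret = ConvertTo-SecureString $env:GRAPH_CLIENT_SECRET -AsPlainText -Force

# With a client secret, Get-MsalToken uses the client-credentials grant, so the
# scope must be the resource's ".default" (the application permissions consented
# on the registration), not the delegated scope names "User.Read.All" /
# "Group.Read.All" that an interactive sign-in would request.
$token = Get-MsalToken -ClientId $clientId -TenantId $tenantId -ClientSecret $clientSecret `
    -Scopes 'https://graph.microsoft.com/.default'

$headers = @{ Authorization = "Bearer $($token.AccessToken)" }
$graph   = 'https://graph.microsoft.com/v1.0'

function Get-GraphCollection {
    # Follows @odata.nextLink so that large groups are returned completely
    # instead of only the first page.
    param([string]$Uri, [hashtable]$Headers)
    $items = @()
    while ($Uri) {
        $page  = Invoke-RestMethod -Method Get -Uri $Uri -Headers $Headers
        $items += $page.value
        $Uri   = $page.'@odata.nextLink'
    }
    return $items
}

# Resolve the group by mail address, then enumerate its members.
$groupMail     = 'xxx'   # placeholder group mail address
$encodedFilter = [uri]::EscapeDataString("mail eq '$groupMail'")
$group = Get-GraphCollection -Uri "$graph/groups?`$filter=$encodedFilter" -Headers $headers |
    Select-Object -First 1
if (-not $group) { throw "No group found with mail '$groupMail'" }

$members = Get-GraphCollection -Uri "$graph/groups/$($group.id)/members" -Headers $headers
$members | Select-Object id, displayName, userPrincipalName, '@odata.type'
```

Requesting only Group.Read.All (rather than Directory.Read.All) keeps the app's permission set to what the task needs, and reading the secret from the environment avoids leaving it in the script. If you follow the suggestion to use the Microsoft Graph PowerShell SDK instead, the equivalent is Connect-MgGraph followed by Get-MgGroup and Get-MgGroupMember, which handle token acquisition and paging for you.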