Create an Azure App Registration with PowerShell and MS GRAPH API
API Reference and Permissions
Read the following DOCS for more Details
Create an Azure App Registration for the script itself and grant it the following Graph API application permissions (admin consent required):
- Application.ReadWrite.OwnedBy
- Application.ReadWrite.All
Application.ReadWrite.OwnedBy on its own is enough to create registrations and is the least-privileged choice, since it only lets the caller manage registrations it owns; Application.ReadWrite.All can modify every registration in the tenant.
Once that is in place, let's look at the script.
```powershell
#Graph API details of the app the script authenticates as
$GRAPHAPI_clientID     = 'yourClientID'
$GRAPHAPI_tenantId     = 'yourTenantID'
$GRAPHAPI_Clientsecret = 'yourSecret'   # avoid hardcoding in shared scripts: read it from an environment variable or a key vault instead
$GRAPHAPI_BaseURL      = "https://graph.microsoft.com/v1.0"

#Enter Azure App details
$AzureAppName        = "TestApp1"
$AzureAppAccountType = "AzureADMyOrg" # single tenant; see https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#signinaudience-attribute

#Auth MS Graph API (client credentials flow) and build the request header
$GRAPHAPI_tokenBody = @{
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
    client_id     = $GRAPHAPI_clientID
    client_secret = $GRAPHAPI_Clientsecret
}
$GRAPHAPI_tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$GRAPHAPI_tenantId/oauth2/v2.0/token" -Method POST -Body $GRAPHAPI_tokenBody
$GRAPHAPI_headers = @{
    "Authorization" = "Bearer $($GRAPHAPI_tokenResponse.access_token)"
    "Content-type"  = "application/json"
}

#Create Azure App Reg (here-string expands $AzureAppName and $AzureAppAccountType)
$CreateAzureAppReg_Body = @"
{
    "displayName": "$AzureAppName",
    "signInAudience": "$AzureAppAccountType",
    "web": {
        "redirectUris": [],
        "homePageUrl": null,
        "logoutUrl": null,
        "implicitGrantSettings": {
            "enableIdTokenIssuance": false,
            "enableAccessTokenIssuance": false
        }
    }
}
"@
$CreateAzureAppReg_Params = @{
    Method  = "POST"
    Uri     = "$GRAPHAPI_BaseURL/applications"
    Headers = $GRAPHAPI_headers   # Invoke-RestMethod's parameter is -Headers (plural)
    Body    = $CreateAzureAppReg_Body
}
$Result = Invoke-RestMethod @CreateAzureAppReg_Params
$Result.appId # client ID of the new app; $Result.id is its object ID, which later Graph calls on /applications/{id} need
```
The Result
We get an empty Azure App Registration: no client secret, no certificate, and no API permissions have been added yet.
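As an added check that is not part of the original script, the function below reads the new registration back through Graph and confirms it really is empty (no credentials, no requested API permissions, no redirect URIs, implicit grant off). It assumes the `$GRAPHAPI_headers`, `$GRAPHAPI_BaseURL` and `$Result` variables from the script above; the function name `Test-EmptyAppRegistration` is my own.

```powershell
# Added example: audit a freshly created app registration via GET /applications/{objectId}
function Test-EmptyAppRegistration {
    param(
        [Parameter(Mandatory)] [string]    $ObjectId,   # $Result.id, not $Result.appId
        [Parameter(Mandatory)] [hashtable] $Headers,    # same bearer header as the script above
        [string] $BaseUrl = "https://graph.microsoft.com/v1.0"
    )

    # $select keeps the response to the properties we audit
    $select = 'id,appId,displayName,signInAudience,passwordCredentials,keyCredentials,requiredResourceAccess,web'
    $uri    = "$BaseUrl/applications/$ObjectId" + '?$select=' + $select
    $app    = Invoke-RestMethod -Method GET -Headers $Headers -Uri $uri -ErrorAction Stop

    # Collect every deviation from an "empty" registration
    $findings = @()
    if ($app.passwordCredentials.Count -gt 0)    { $findings += "has $($app.passwordCredentials.Count) client secret(s)" }
    if ($app.keyCredentials.Count -gt 0)         { $findings += "has $($app.keyCredentials.Count) certificate(s)" }
    if ($app.requiredResourceAccess.Count -gt 0) { $findings += "requests API permissions" }
    if ($app.web.redirectUris.Count -gt 0)       { $findings += "has redirect URIs: $($app.web.redirectUris -join ', ')" }
    if ($app.web.implicitGrantSettings.enableAccessTokenIssuance -or
        $app.web.implicitGrantSettings.enableIdTokenIssuance)   { $findings += "implicit grant is enabled" }
    if ($app.signInAudience -ne 'AzureADMyOrg')  { $findings += "signInAudience is $($app.signInAudience) (not single tenant)" }

    [pscustomobject]@{
        DisplayName = $app.displayName
        AppId       = $app.appId
        ObjectId    = $app.id
        IsEmpty     = ($findings.Count -eq 0)
        Findings    = $findings
    }
}

# Usage, continuing from the script above
$check = Test-EmptyAppRegistration -ObjectId $Result.id -Headers $GRAPHAPI_headers -BaseUrl $GRAPHAPI_BaseURL
$check | Format-List
```

Expect `IsEmpty : True` right after creation; rerun the check later to spot secrets, certificates or permissions that were added to the registration afterwards.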