Create an Azure App Registration with PowerShell and MS GRAPH API

API Reference and Permissions

Read the following docs for more details.

First create an Azure App Registration for the script itself (the script authenticates as this app with the client credentials flow) and grant it the following Graph API application permissions:

  • Application.ReadWrite.OwnedBy
  • Application.ReadWrite.All

With that done, here is the script.

#Graph API details: credentials of the app registration the script authenticates as.
#Do not hardcode a real secret in a script; read it from a vault or a secure prompt.
$GRAPHAPI_clientID = 'yourClientID'
$GRAPHAPI_tenantId = 'yourTenantID'
$GRAPHAPI_Clientsecret = 'yourSecret'

$GRAPHAPI_BaseURL = "https://graph.microsoft.com/v1.0"

#Enter Azure App details
$AzureAppName = "TestApp1"
$AzureAppAccountType = "AzureADMyOrg" #single tenant; see https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#signinaudience-attribute

#Auth MS Graph API (client credentials flow) and build the request header
$GRAPHAPI_tokenBody = @{
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
    client_id     = $GRAPHAPI_clientID
    client_secret = $GRAPHAPI_Clientsecret
}
$GRAPHAPI_tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$GRAPHAPI_tenantId/oauth2/v2.0/token" -Method POST -Body $GRAPHAPI_tokenBody
$GRAPHAPI_headers = @{
    "Authorization" = "Bearer $($GRAPHAPI_tokenResponse.access_token)"
    "Content-type"  = "application/json"
}

#Create Azure App Reg
#Note: the here-string interpolates $AzureAppName without JSON escaping, so keep the name free of quotes and backslashes.
$CreateAzureAppReg_Body = @"
    {
        "displayName":"$AzureAppName",
        "signInAudience": "$AzureAppAccountType",
        "web": {
            "redirectUris": [],
            "homePageUrl": null,
            "logoutUrl": null,
            "implicitGrantSettings": {
                "enableIdTokenIssuance": false,
                "enableAccessTokenIssuance": false
            }
        }
    }
"@

$CreateAzureAppReg_Params = @{
    Method  = "POST"
    Uri     = "$GRAPHAPI_BaseURL/applications"
    Headers = $GRAPHAPI_headers #the parameter is -Headers; the original 'header' key only worked through prefix matching
    Body    = $CreateAzureAppReg_Body
}

$Result = Invoke-RestMethod @CreateAzureAppReg_Params

$Result.appId #ClientID (application ID); $Result.id is the object ID used to address the app in later Graph calls

The Result

We get an empty Azure App Registration with no secret, certificate, or API permissions.
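As an added example that is not part of the original post and goes one step beyond it, the function below creates the registration only if the name does not already exist and then attaches a client secret with a bounded lifetime through the Graph addPassword action. It assumes the $GRAPHAPI_headers and $GRAPHAPI_BaseURL variables from the script above; the function name is ours.

```powershell
# Added example, not the original post's script. Assumes $GRAPHAPI_headers and
# $GRAPHAPI_BaseURL from the script above; the function name is a made-up one.
function New-AppRegistrationWithSecret {
    param(
        [Parameter(Mandatory)] [string]    $DisplayName,
        [Parameter(Mandatory)] [hashtable] $Headers,
        [string] $BaseUrl = 'https://graph.microsoft.com/v1.0',
        [string] $SignInAudience = 'AzureADMyOrg',
        [int]    $SecretLifetimeDays = 90
    )
    # Idempotency: look the name up first so a re-run does not create a duplicate.
    # Single quotes are doubled because the value sits inside an OData string literal.
    $filterName = $DisplayName -replace "'", "''"
    $lookupUri  = "$BaseUrl/applications?`$filter=displayName eq '$filterName'&`$select=id,appId"
    $existing   = Invoke-RestMethod -Method GET -Uri $lookupUri -Headers $Headers
    if ($existing.value.Count -gt 0) {
        $app = $existing.value[0]
    } else {
        # ConvertTo-Json escapes quotes and backslashes in the name; a here-string does not.
        $createBody = @{
            displayName    = $DisplayName
            signInAudience = $SignInAudience
            web            = @{
                redirectUris          = @()
                implicitGrantSettings = @{ enableIdTokenIssuance = $false; enableAccessTokenIssuance = $false }
            }
        } | ConvertTo-Json -Depth 5
        $app = Invoke-RestMethod -Method POST -Uri "$BaseUrl/applications" `
            -Headers $Headers -ContentType 'application/json' -Body $createBody
    }
    # addPassword generates the secret server-side and returns secretText exactly once;
    # a bounded endDateTime keeps the credential from living forever.
    $pwBody = @{
        passwordCredential = @{
            displayName = "script-created $(Get-Date -Format 'yyyy-MM-dd')"
            endDateTime = (Get-Date).ToUniversalTime().AddDays($SecretLifetimeDays).ToString('o')
        }
    } | ConvertTo-Json -Depth 3
    $cred = Invoke-RestMethod -Method POST -Uri "$BaseUrl/applications/$($app.id)/addPassword" `
        -Headers $Headers -ContentType 'application/json' -Body $pwBody
    [pscustomobject]@{
        ObjectId      = $app.id
        AppId         = $app.appId        # the client ID
        SecretKeyId   = $cred.keyId
        SecretExpires = $cred.endDateTime
        Secret        = $cred.secretText  # store in a vault right away; Graph never returns it again
    }
}

$newApp = New-AppRegistrationWithSecret -DisplayName 'TestApp1' -Headers $GRAPHAPI_headers -BaseUrl $GRAPHAPI_BaseURL
$newApp | Select-Object ObjectId, AppId, SecretKeyId, SecretExpires
```

The calling app needs Application.ReadWrite.OwnedBy or Application.ReadWrite.All for both the creation and the addPassword call; with OwnedBy alone it can only manage registrations it owns, which is the narrower choice when the script is the sole creator.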