In this Post, we will add an Owner by his UPN to an existing Azure Application Registration.
Graph API Basics
I did an MS Graph API Series some time ago to learn all the Basics that we will not cover in this Post
To learn more from Microsoft GRAPH API, see my Blog Series:
Part 1 – Authentication and Azure App – Use Microsoft Graph API with PowerShell – Part 1 » TechGuy
Part 2 – Oauth2.0 – Use Microsoft Graph API with PowerShell – Part 2 » TechGuy
Part 3 – First Powershell Script to get a Teams Lis and Walkthrough – Use Microsoft Graph API with PowerShell – Part 3 » TechGuy
Part 4 – this one – Use Microsoft Graph API with PowerShell – Part 4 » TechGuy
API Reference and Permissions
Read the following DOCS for more Details
https://docs.microsoft.com/en-us/graph/api/application-post-owners?view=graph-rest-1.0&tabs=http
Create an Azure App Reg with the following GRAPH API Application Permissions
- Application.ReadWrite.OwnedBy
- Application.ReadWrite.All
- Directory.Read.All
All done, then let’s see the Script
The Script
#Graph API Details
$GRAPHAPI_clientID = 'yourClientID'
$GRAPHAPI_tenantId = 'yourTenantID'
$GRAPHAPI_Clientsecret = 'yourSecret'
$GRAPHAPI_BaseURL = "https://graph.microsoft.com/v1.0"
#Enter Azure App Details
$AzureAppObjectID = "5b8d1a75-6b99-4af5-b1b7-0127b6c39304"
$NewOwnerUPN = "michael.seidl@au2mator.com"
#Auth MS Graph API and Get Header
$GRAPHAPI_tokenBody = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
Client_Id = $GRAPHAPI_clientID
Client_Secret = $GRAPHAPI_Clientsecret
}
$GRAPHAPI_tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$GRAPHAPI_tenantId/oauth2/v2.0/token" -Method POST -Body $GRAPHAPI_tokenBody
$GRAPHAPI_headers = @{
"Authorization" = "Bearer $($GRAPHAPI_tokenResponse.access_token)"
"Content-type" = "application/json"
}
#Get USer ID from UPN
$GetUserID_Params = @{
Method = "Get"
Uri = "$GRAPHAPI_BaseURL/users/$NewOwnerUPN"
header = $GRAPHAPI_headers
}
$Result = Invoke-RestMethod @GetUserID_Params
#$Result.id #UserID
#Set new Owner
$SetRegAppOwner_Body = @"
{
"@odata.id" : "https://graph.microsoft.com/v1.0/directoryObjects/$($Result.id)"
}
"@
$SetRegAppOwner_Params = @{
Method = "POST"
Uri = "$GRAPHAPI_BaseURL/applications/$AzureAppObjectID/owners/`$ref"
header = $GRAPHAPI_headers
body = $SetRegAppOwner_Body
}
Invoke-RestMethod @SetRegAppOwner_ParamsThe Result
We now have an additional Owner in our Azure Application Registration
GitHub Repo
Make sure you get the Script from my Azure Github Repo: Seidlm/Microsoft-Azure: Azure Rest API Examples (github.com)
Name: Add Owner to Azure App Reg.ps1
Add Owner to an Azure Application Registration Self Service with au2mator
With au2mator Self Service Portal, you can create a Service and delegate the task to add an Owner to an Azure Application Registration.
Some of the Use cases❗
✔️Delegate the Owner Configuration of Azure App Registration
✔️Control your Owner Configuration outside Azure Portal.
✔️Mass add Owner to an Azure App Registration
✔️Approve or deny an Owner Request of an Azure App Registration
✔️Many more…
More Details: www.au2mator.com
Michael Seidl aka Techguy
au2mate everything
Thank you very much. Only site on the whole web that has solution for me.
Thank you, that’s spot on, exactly what I needed to complete what I was doing. 🙂
happy to help