Create an Azure App Registration with PowerShell and MS GRAPH API

Ok, this took me a while, but it was worth it. There will be a series of Blog Posts to work with Azure App Registration Automation. Create an Azure App Reg, create a Secret or upload a Cert, Add or remove API Permissions, and more.

In this post, we create the Azure Application Registration and receive the ClientID.

Graph API Basics

I did an MS Graph API Series some time ago to learn all the Basics that we will not cover in this Post

To learn more from Microsoft GRAPH API, see my Blog Series:
Part 1 – Authentication and Azure App – Use Microsoft Graph API with PowerShell – Part 1 » TechGuy
Part 2 – Oauth2.0 – Use Microsoft Graph API with PowerShell – Part 2 » TechGuy
Part 3 – First Powershell Script to get a Teams Lis and Walkthrough – Use Microsoft Graph API with PowerShell – Part 3 » TechGuy
Part 4 – this one – Use Microsoft Graph API with PowerShell – Part 4 » TechGuy

API Reference and Permissions

Read the following DOCS for more Details

• https://docs.microsoft.com/en-us/graph/api/application-post-applications?view=graph-rest-1.0&tabs=http

Create an Azure App Reg with the following GRAPH API Application Permissions

• Application.ReadWrite.OwnedBy
• Application.ReadWrite.All

All done, then let’s see the Script

The Script

#Graph API Details
$GRAPHAPI_clientID = 'yourClientID'
$GRAPHAPI_tenantId = 'yourTenantID'
$GRAPHAPI_Clientsecret = 'yourSecret'

$GRAPHAPI_BaseURL = "https://graph.microsoft.com/v1.0"




#Enter Azure App Details
$AzureAppName = "TestApp1"
$AzureAppAccountType = "AzureADMyOrg" #https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#signinaudience-attribute




#Auth MS Graph API and Get Header
$GRAPHAPI_tokenBody = @{  
    Grant_Type    = "client_credentials"  
    Scope         = "https://graph.microsoft.com/.default"  
    Client_Id     = $GRAPHAPI_clientID  
    Client_Secret = $GRAPHAPI_Clientsecret  
}   
$GRAPHAPI_tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$GRAPHAPI_tenantId/oauth2/v2.0/token" -Method POST -Body $GRAPHAPI_tokenBody  
$GRAPHAPI_headers = @{
    "Authorization" = "Bearer $($GRAPHAPI_tokenResponse.access_token)"
    "Content-type"  = "application/json"
}



#Create Azure App Reg
$CreateAzureAppReg_Body = @"
    {
        "displayName":"$AzureAppName",
        "signInAudience": "$AzureAppAccountType",
        "web": {
            "redirectUris": [],
            "homePageUrl": null,
            "logoutUrl": null,
            "implicitGrantSettings": {
                "enableIdTokenIssuance": false,
                "enableAccessTokenIssuance": false
            }
        }
    }
"@

$CreateAzureAppReg_Params = @{
    Method = "POST"
    Uri    = "$GRAPHAPI_BaseURL/applications"
    header = $GRAPHAPI_headers
    Body   = $CreateAzureAppReg_Body
}


$Result = Invoke-RestMethod @CreateAzureAppReg_Params

$Result.appId #ClientID

The Result

We get an empty Azure App Registration without a Secret, Cert, or Permissions.

GitHub Repo

Make sure you get the Script from my Azure Github Repo: Seidlm/Microsoft-Azure: Azure Rest API Examples (github.com)

Name: Create Azure App Registration.ps1

Azure Application Registration Self Service with au2mator

Michael Seidl aka Techguy
au2mate everything