Registering and Managing Azure AD Applications with PnP PowerShell

Integrating with Azure Active Directory (Azure AD) is essential for building modern enterprise solutions. By registering applications in Azure AD, you enable them to authenticate and gain access to secure APIs like Microsoft Graph. This blog post will guide you through registering and managing Azure AD applications using PnP PowerShell.

What is Application Registration in Azure AD?

Application registration in Azure AD allows you to define the permissions and access policies for an application. Whether you’re building an application that needs to authenticate users, access Microsoft 365 data, or integrate with Microsoft Graph, registering the application in Azure AD is a key step.

In this guide, we will cover the steps to:

  1. Register a new application in Azure AD.
  2. Assign API permissions to the application.
  3. Generate client secrets or certificates for authentication.
  4. Manage permissions for the application.

Prerequisites

Before you begin, ensure you have:

  • Access to the Azure AD admin portal.
  • Permissions to register and manage applications.
  • PnP PowerShell installed on your local machine.

To install PnP PowerShell, run the following command in PowerShell:

Install-Module -Name PnP.PowerShell

Step 1: Registering an Application with PnP PowerShell

To register a new application in Azure AD, we use the Register-PnPAzureADApp command. This command allows you to create a new application, set permissions, and generate secrets.

# Registering a new Azure AD Application
Register-PnPAzureADApp -ApplicationName "MyPnPApp" -Tenant "yourtenant.onmicrosoft.com" -OutPath "MyPnPApp" -RedirectUris "https://localhost"

This command registers an application named MyPnPApp with a redirect URI pointing to localhost for testing. The application configuration is saved locally in a file for future reference.

Step 2: Assigning API Permissions

After registering the application, you’ll want to assign permissions for it to interact with Microsoft APIs such as Microsoft Graph. This can be done with the Set-PnPAzureADAppPermissions command:

# Assigning Microsoft Graph API Permissions
Set-PnPAzureADAppPermissions -ApplicationId "Your-App-Id" -Scopes "User.Read, Files.ReadWrite"

This command grants the application permission to read user profiles (User.Read) and to read and write files (Files.ReadWrite) within Microsoft 365.

Step 3: Generating Client Secrets

Client secrets are needed for the application to authenticate. Use the New-PnPAzureADAppSecret command to generate a new secret.

# Generating a new client secret
New-PnPAzureADAppSecret -ApplicationId "Your-App-Id"

This command generates a new client secret, which you will use to authenticate the application.

Step 4: Managing Application Permissions

To manage and modify the application’s permissions after registration, you can use the Get-PnPAzureADApp command to retrieve details and Set-PnPAzureADAppPermissions to modify its access scopes.

# Getting details of the registered application
Get-PnPAzureADApp -ApplicationId "Your-App-Id"

# Modifying application permissions
Set-PnPAzureADAppPermissions -ApplicationId "Your-App-Id" -Scopes "User.Read, Mail.Send"
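
A scope change like the one in Step 4 is worth reviewing before it is applied. The following is an added example, not code from the original post or from PnP PowerShell: a pure PowerShell helper (the function name Compare-AppScopeChange and the NeedsReview heuristic are assumptions) that compares the Step 2 and Step 4 scope strings and flags newly added scopes that go beyond plain read access.

```powershell
# Added example: review a scope change before applying it.
# Pure PowerShell, makes no tenant calls. Function name and heuristic are hypothetical.
function Compare-AppScopeChange {
    param(
        [Parameter(Mandatory)][string]$CurrentScopes,    # comma-separated, as written in this post
        [Parameter(Mandatory)][string]$RequestedScopes
    )

    # Split "User.Read, Files.ReadWrite" into trimmed, de-duplicated scope names.
    $split = {
        param($s)
        $s -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique
    }
    $current   = @(& $split $CurrentScopes)
    $requested = @(& $split $RequestedScopes)

    foreach ($scope in @($current + $requested | Sort-Object -Unique)) {
        if ($scope -notin $current) {
            $change = 'Added'
        } elseif ($scope -notin $requested) {
            $change = 'Removed'
        } else {
            $change = 'Unchanged'
        }

        # Microsoft Graph permission names follow Resource.Operation[.Constraint].
        $parts      = $scope -split '\.'
        $operation  = if ($parts.Count -ge 2) { $parts[1] } else { '' }
        $constraint = if ($parts.Count -ge 3) { $parts[2] } else { '' }

        # Heuristic (assumption): anything other than plain Read, or tenant-wide (.All),
        # is treated as elevated. Names that do not fit the pattern are flagged too.
        $elevated = ($operation -ne 'Read') -or ($constraint -eq 'All')

        [pscustomobject]@{
            Scope       = $scope
            Change      = $change
            NeedsReview = ($change -eq 'Added' -and $elevated)
        }
    }
}

# The Step 2 scopes compared with the Step 4 scopes from this post.
Compare-AppScopeChange -CurrentScopes 'User.Read, Files.ReadWrite' `
                       -RequestedScopes 'User.Read, Mail.Send' |
    Format-Table -AutoSize
```

For the two scope strings used in this post, Mail.Send is reported as Added with NeedsReview set, Files.ReadWrite as Removed, and User.Read as Unchanged.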

Conclusion

Using PnP PowerShell, you can automate the registration and management of Azure AD applications, simplifying the integration of your solutions with Microsoft 365 services.

For more details, you can refer to the official PnP PowerShell documentation on registering applications.

Summary of Commands

  • Register-PnPAzureADApp: Registers a new Azure AD application.
  • Set-PnPAzureADAppPermissions: Assigns API permissions to the application.
  • New-PnPAzureADAppSecret: Generates a client secret for the application.
  • Get-PnPAzureADApp: Retrieves details of the registered application.

Published by Edvaldo Guimrães Filho