API Reference and Permissions
Read the following DOCS for more Details
Create an Azure App Reg with the following GRAPH API Application Permissions
- Application.ReadWrite.OwnedBy
- Application.ReadWrite.All
All done, then let’s see the Script
#Graph API Details
$GRAPHAPI_clientID = 'yourClientID'
$GRAPHAPI_tenantId = 'yourTenantID'
$GRAPHAPI_Clientsecret="yourSecret"
$GRAPHAPI_BaseURL = "https://graph.microsoft.com/v1.0"
#Enter Azure App Details
$AzureAppName = "TestApp1"
$AzureAppAccountType = "AzureADMyOrg" #https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#signinaudience-attribute
#Auth MS Graph API and Get Header
$GRAPHAPI_tokenBody = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
Client_Id = $GRAPHAPI_clientID
Client_Secret = $GRAPHAPI_Clientsecret
}
$GRAPHAPI_tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$GRAPHAPI_tenantId/oauth2/v2.0/token" -Method POST -Body $GRAPHAPI_tokenBody
$GRAPHAPI_headers = @{
"Authorization" = "Bearer $($GRAPHAPI_tokenResponse.access_token)"
"Content-type" = "application/json"
}
#Create Azure App Reg
$CreateAzureAppReg_Body = @"
{
"displayName":"$AzureAppName",
"signInAudience": "$AzureAppAccountType",
"web": {
"redirectUris": [],
"homePageUrl": null,
"logoutUrl": null,
"implicitGrantSettings": {
"enableIdTokenIssuance": false,
"enableAccessTokenIssuance": false
}
}
}
"@
$CreateAzureAppReg_Params = @{
Method = "POST"
Uri = "$GRAPHAPI_BaseURL/applications"
header = $GRAPHAPI_headers
Body = $CreateAzureAppReg_Body
}
$Result = Invoke-RestMethod @CreateAzureAppReg_Params
$Result.appId #ClientIDThe Result
We get an empty Azure App Registration without a Secret, Cert, or Permissions.
