SOLVED

Change User Assignment required to Yes using PowerShell/Azure CLI for an enterprise application


Hi Team,

I would like to set User Assignment required to Yes using PowerShell/Azure CLI for an enterprise application.

Could you suggest how I can enable it?

Thank you.

3 Replies
best response confirmed by Sagar_Lad (Brass Contributor)
Solution
You can use PowerShell to set the appRoleAssignmentRequired property on the service principal.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-access-management#requir...

# Requires the AzureAD module and a signed-in session (Connect-AzureAD)
# Get the current value first
Get-AzureADServicePrincipal -Filter "displayName eq 'My Test App'" | Select-Object DisplayName, AppRoleAssignmentRequired
# Change the value to yes
Get-AzureADServicePrincipal -Filter "displayName eq 'My Test App'" | Set-AzureADServicePrincipal -AppRoleAssignmentRequired $true
# Confirm the value changed
Get-AzureADServicePrincipal -Filter "displayName eq 'My Test App'" | Select-Object DisplayName, AppRoleAssignmentRequired

If this helped you, please mark it as the best answer. Thank you.
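
The following is an added example, not part of the original answer: it wraps the same AzureAD cmdlets in a guarded function that refuses to act when the display name matches more than one service principal and lists current assignments before turning the flag on. The helper name `Set-AssignmentRequired` is hypothetical, and the code assumes the AzureAD module is installed and `Connect-AzureAD` has already been run.

```powershell
# Added example. Assumes the AzureAD module is installed and Connect-AzureAD has been run.
# Set-AssignmentRequired is a hypothetical helper name, not a cmdlet from the module.
function Set-AssignmentRequired {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string] $DisplayName
    )

    # Display names are not unique in a tenant. Piping a filter result straight into
    # Set-AzureADServicePrincipal acts on every match, so require exactly one.
    $escaped = $DisplayName -replace "'", "''"
    $found = @(Get-AzureADServicePrincipal -Filter "displayName eq '$escaped'")
    if ($found.Count -ne 1) {
        throw "Expected one service principal named '$DisplayName', found $($found.Count)."
    }
    $sp = $found[0]

    if ($sp.AppRoleAssignmentRequired) {
        Write-Verbose "'$DisplayName' already requires assignment; nothing to change."
    }
    else {
        # Once the flag is on, users without an assignment can no longer sign in,
        # so show who is assigned today before switching it.
        $assigned = @(Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true)
        if ($assigned.Count -eq 0) {
            Write-Warning "No users or groups are assigned to '$DisplayName'."
        }
        else {
            $assigned | Select-Object PrincipalDisplayName, PrincipalType | Out-Host
        }

        if ($PSCmdlet.ShouldProcess($sp.ObjectId, 'Set AppRoleAssignmentRequired to $true')) {
            Set-AzureADServicePrincipal -ObjectId $sp.ObjectId -AppRoleAssignmentRequired $true
        }
    }

    # Re-read by ObjectId so the returned value is what the directory now holds.
    Get-AzureADServicePrincipal -ObjectId $sp.ObjectId |
        Select-Object DisplayName, ObjectId, AppRoleAssignmentRequired
}

# Dry run first, then apply.
Set-AssignmentRequired -DisplayName 'My Test App' -WhatIf
Set-AssignmentRequired -DisplayName 'My Test App' -Verbose
```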
Not sure if anything exists but two options:
1. Use "csvde" to dump both directories to file then use vlookup in Excel to look for matches
2. Let AAD Sync attempt the sync, then use PowerShell to query FIM's metaverse for conflicts:
https://blog.kloud.com.au/2016/07/28/simple-reporting-from-the-fimmim-metaverse-to-powerbi-using-the...