SOLVED

Change User Assignment required to Yes using powershell/azure CLI for enterprise application

Contributor

Hi Team,

 

I would like to enable User Assignment required to Yes using powershell/azure CLI for enterprise application.

 

Could you suggest how can I enable it?

 

Thank You.

3 Replies
best response confirmed by Sagar_Lad (Contributor)
Solution
You can use PowerShell to set the appRoleAssignmentRequired property on the service principal.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-access-management#requir...

#Get current value first
Get-AzureADServicePrincipal -Filter "displayname eq 'My Test App'" | select displayname, AppRoleAssignmentRequired
#Change value to yes
Get-AzureADServicePrincipal -Filter "displayname eq 'My Test App'" | set-AzureADServicePrincipal -AppRoleAssignmentRequired $true
#Confirm the value changed
Get-AzureADServicePrincipal -Filter "displayname eq 'My Test App'" | select displayname, AppRoleAssignmentRequired

If this helped you please mark as best answer. thank you.
Not sure if anything exists but two options:
1. Use "csvde" to dump both directories to file then use vlookup in Excel to look for matches
2. Let AAD Sync attempt the sync, then use PowerShell to query FIM's metaverse for conflicts:
https://blog.kloud.com.au/2016/07/28/simple-reporting-from-the-fimmim-metaverse-to-powerbi-using-the...