cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
PowerShell Basics: How to Create an Azure AD App Registration
By
Anthony Bartolo
Published Aug 20 2019 12:01 AM 73.4K Views
Anthony Bartolo
Microsoft
‎Aug 20 2019 12:01 AM

PowerShell Basics: How to Create an Azure AD App Registration

‎Aug 20 2019 12:01 AM

Azure Active Directory (Azure AD) is Microsoft's fully managed multi-tenant identity and access capabilities for app service. More organizations are now harnessing the security capabilities of Azure AD into the apps they create for an additional layer of authentication. This post will cover how to register an app to Azure AD via PowerShell to take advantage of this.

 

Prerequisite

 

The Azure AD Module needs to be added to PowerShell prior to getting started. Execute the command below in PowerShell using elevated or Administrative status: 

 

Install-Module AzureAD

 

Once the Azure AD Module is installed, run the following command in the same PowerShell window to connect to the required Azure AD tenant: 

 

Connect-AzureAD

NOTE: The required TenantId will be required in subscriptions with multiple tenants. The TenantId value can be found in the Azure Portal navigating to Azure Active Directory > Properties and is listed under Directory ID.

 

Azure Active Directory TenantIdAzure Active Directory TenantId

 

Run the following command in the same PowerShell window to connect to the specific Azure AD TenantId (if required): 

 

Connect-AzureAD -TenantId *Insert Directory ID here*

 

Step 1: Creating the Azure AD App Registration

 

Next the following cmdlet is run, now that required Azure AD tenant is connected to PowerShell, to capture the name of the application and the IdentifierURI.

 

$appName = "TailwindTradersSalesApp"
$appURI = "https://tailwindtraderssalesapp.twtmitt.onmicrosoft.com"
$appHomePageUrl = "http://www.tailwindtraders.com/"
$appReplyURLs = @($appURI, $appHomePageURL, "https://localhost:1234")
if(!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'"  -ErrorAction SilentlyContinue))
{
    $myApp = New-AzureADApplication -DisplayName $appName -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs    
}

 

Step 2: Adding the App Key

 

With the required URIs now captured, it is time to add the application key.  The key will be stored in the Azure Key Vault which ensures the it's security and disallows unauthorized access. Run the following command to invoke this process: 

 

$Guid = New-Guid
$startDate = Get-Date
    
$PasswordCredential = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordCredential
$PasswordCredential.StartDate = $startDate
$PasswordCredential.EndDate = $startDate.AddYears(1)
$PasswordCredential.KeyId = $Guid
$PasswordCredential.Value = ([System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(($Guid))))

 

NOTE: The PasswordCredential value is created as a Base64 value and is saved in the Azure Key Vault.

 

This process can also be completed via the Azure Portal but will take much more time to complete.

 

0 Likes
Like
4 Comments
Co-Authors
Version history
Last update:
‎Apr 27 2021 07:34 AM
Updated by:
Labels