Hi,
I am trying to automate the process of granting access using SharePoint App-Only via PowerShell script. As explained in the micrsoft article its a three step process:
- Create principal using appregnew.aspx page
- Granting permissions to the newly created principal using appinv.aspx page
- Trust the app
I am able to create the principal with the below script but I could not find a way to grant permission via powershell script. I need to update the principal with the below permission and trust the app as tenant admin via powershell script. Is it possible to set permission via PowerShell script?
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
<AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="FullControl" />
</AppPermissionRequests>
$credential = Get-Credential
$clientID = "a05cdfc7-e777-42bf-a37a-5db5c5c23e6b"
$newclientsecret = "abP1ylR5VAyjbZPt3BRzP/lIIyAUp0IpdMMNQDJ9jOe="
$appName = "Contoso"
$appUrl = "https://contoso.azurewebsites.net/"
$appDomain = "contoso.azurewebsites.net"
$appId = [System.Guid]::Parse($clientID)
$servicePrincipalName = @("$clientID/$appDomain")
$dtStart = [System.DateTime]::Now
$dtEnd = $dtStart.AddYears(3)
Connect-MsolService -Credential $credential
New-MsolServicePrincipal -serviceprincipalnames $serviceprincipalname -appprincipalid $appid -displayname $appname -type symmetric -usage verify -value $newclientsecret -addresses (new-msolserviceprincipaladdresses -address $appurl) -startdate $dtstart –enddate $dtend
New-MsolServicePrincipalCredential -appprincipalid $appid -type symmetric -usage sign -value $newclientsecret -startdate $dtstart –enddate $dtend
New-MsolServicePrincipalCredential -appprincipalid $appid -type password -usage verify -value $newclientsecret -startdate $dtstart –enddate $dtend
