PowerShell Basics: How to Create an Azure AD App Registration
Published Aug 20 2019 12:01 AM 73.4K Views

Azure Active Directory (Azure AD) is Microsoft's fully managed multi-tenant identity and access capabilities for app service. More organizations are now harnessing the security capabilities of Azure AD into the apps they create for an additional layer of authentication. This post will cover how to register an app to Azure AD via PowerShell to take advantage of this.




The Azure AD Module needs to be added to PowerShell prior to getting started. Execute the command below in PowerShell using elevated or Administrative status: 


Install-Module AzureAD


Once the Azure AD Module is installed, run the following command in the same PowerShell window to connect to the required Azure AD tenant: 



NOTE: The required TenantId will be required in subscriptions with multiple tenants. The TenantId value can be found in the Azure Portal navigating to Azure Active Directory > Properties and is listed under Directory ID.


Azure Active Directory TenantIdAzure Active Directory TenantId


Run the following command in the same PowerShell window to connect to the specific Azure AD TenantId (if required): 


Connect-AzureAD -TenantId *Insert Directory ID here*


Step 1: Creating the Azure AD App Registration


Next the following cmdlet is run, now that required Azure AD tenant is connected to PowerShell, to capture the name of the application and the IdentifierURI.


$appName = "TailwindTradersSalesApp"
$appURI = "https://tailwindtraderssalesapp.twtmitt.onmicrosoft.com"
$appHomePageUrl = "http://www.tailwindtraders.com/"
$appReplyURLs = @($appURI, $appHomePageURL, "https://localhost:1234")
if(!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'"  -ErrorAction SilentlyContinue))
    $myApp = New-AzureADApplication -DisplayName $appName -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs    


Step 2: Adding the App Key


With the required URIs now captured, it is time to add the application key.  The key will be stored in the Azure Key Vault which ensures the it's security and disallows unauthorized access. Run the following command to invoke this process: 


$Guid = New-Guid
$startDate = Get-Date
$PasswordCredential = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordCredential
$PasswordCredential.StartDate = $startDate
$PasswordCredential.EndDate = $startDate.AddYears(1)
$PasswordCredential.KeyId = $Guid
$PasswordCredential.Value = ([System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(($Guid))))


NOTE: The PasswordCredential value is created as a Base64 value and is saved in the Azure Key Vault.


This process can also be completed via the Azure Portal but will take much more time to complete.


Version history
Last update:
‎Apr 27 2021 07:34 AM
Updated by: