entra app role add
Adds role to the specified Entra app registration
Usage
m365 entra app role add [options]
Alias
m365 aad app role add [options]
m365 entra appregistration role add [options]
Options
--appId [appId]Application (client) ID of the Entra application registration to which to add the role. Specify either
appId,appObjectIdorappName--appObjectId [appObjectId]Object ID of the Entra application registration to which to add the role. Specify either
appId,appObjectIdorappName--appName [appName]Name of the Entra application registration to which to add the role. Specify either
appId,appObjectIdorappName-n, --name <name>Name of the role to add
-d, --description <description>Description of the role to add
-m, --allowedMembers <allowedMembers>Types of members that can be added to the group. Allowed values:
usersGroups,applications,both-c, --claim <claim>Claim value
-h, --help [help]Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are
options,examples,remarks,response,full. Default isoptions.--query [query]JMESPath query string. See http://jmespath.org/ for more information and examples.
-o, --output [output]Output type.
json,text,csv,md,none. Defaultjson.--verboseRuns command with verbose logging.
--debugRuns command with debug logging.
Remarks
For best performance use the appObjectId option to reference the Entra application registration for which to add the role. If you use appId or appName, this command will first need to find the corresponding object ID for that application.
If the command finds multiple Entra application registrations with the specified app name, it will prompt you to disambiguate which app it should use, listing the discovered object IDs.
Examples
Add role to the Entra application registration specified by its object ID
m365 entra app role add --appObjectId d75be2e1-0204-4f95-857d-51a37cf40be8 --name Managers --description "Managers" --allowedMembers usersGroups --claim managers
Add role to the Entra application registration specified by its app (client) ID
m365 entra app role add --appId e75be2e1-0204-4f95-857d-51a37cf40be8 --name Managers --description "Managers" --allowedMembers usersGroups --claim managers
Add role to the Entra application registration specified by its name
m365 entra app role add --appName "My app" --name Managers --description "Managers" --allowedMembers usersGroups --claim managers
Response
The command won't return a response on success.