Register-PnPAzureADApp
SYNOPSIS
Registers an Azure AD App and optionally creates a new self-signed certificate to use with the application registration.
SYNTAX
Generate Certificate
Register-PnPAzureADApp -ApplicationName <String>
-Tenant <String>
[-Username <String>]
[-Password <SecureString>]
[-DeviceLogin]
[-Interactive]
[-CommonName <String>]
[-OutPath <String>]
[-Store <StoreLocation>]
[-GraphApplicationPermissions <Permission[]>]
[-GraphDelegatePermissions <Permission[]>]
[-SharePointApplicationPermissions <Permission[]>]
[-SharePointDelegatePermissions <Permission[]>]
[-Country <String>]
[-State <String>]
[-Locality <String>]
[-Organization <String>]
[-OrganizationUnit <String>]
[-ValidYears <Int>]
[-CertificatePassword <SecureString>]
[-NoPopup]
[-LogoFilePath <string>]
[-MicrosoftGraphEndPoint <string>]
[-EntraIDLoginEndPoint <string>]
[-SignInAudience <EntraIDSignInAudience>]
[-LaunchBrowser <SwitchParameter>]
Existing Certificate
Register-PnPAzureADApp -CertificatePath <String>
-ApplicationName <String>
-Tenant <String>
[-Username <String>]
[-Password <SecureString>]
[-DeviceLogin]
[-Interactive]
[-GraphApplicationPermissions <Permission[]>]
[-GraphDelegatePermissions <Permission[]>]
[-SharePointApplicationPermissions <Permission[]>]
[-SharePointDelegatePermissions <Permission[]>]
[-CertificatePassword <SecureString>]
[-NoPopup]
[-LogoFilePath <string>]
[-LaunchBrowser <SwitchParameter>]
DESCRIPTION
Registers an Azure AD App and optionally creates a new self-signed certificate to use with the application registration. You can login either with username/password or you can use the -DeviceLogin option if your tenant has been configured for Multi-Factor Authentication.
Note: if you want to use the newly created app to authenticate with username/password you will have to make a modification to the app. Navigate to the application registration in your Azure AD, select the Authentication section, and set Allow public client flows to yes. Alternatively, navigate to the Manifest section and set allowPublicClient to true.
EXAMPLES
EXAMPLE 1
Register-PnPAzureADApp -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -Store CurrentUser -Interactive
Creates a new Azure AD Application registration, creates a new self signed certificate, and adds it to the local certificate store. It will upload the certificate to the azure app registration and it will request the following permissions: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All. A browser window will be shown allowing you to authenticate.
EXAMPLE 2
Register-PnPAzureADApp -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -CertificatePath c:\certificate.pfx -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force) -Interactive
Creates a new Azure AD Application registration which will use the existing private key certificate at the provided path to allow access. It will upload the provided private key certificate to the azure app registration and it will request the following permissions: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All. A browser window will be shown allowing you to authenticate.
EXAMPLE 3
Register-PnPAzureADApp -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -Store CurrentUser -GraphApplicationPermissions "User.Read.All" -SharePointApplicationPermissions "Sites.Read.All" -Interactive
Creates a new Azure AD Application registration, creates a new self signed certificate, and adds it to the local certificate store. It will upload the certificate to the azure app registration and it will request the following permissions: Sites.Read.All, User.Read.All. A browser window will be shown allowing you to authenticate.
EXAMPLE 4
Register-PnPAzureADApp -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -OutPath c:\ -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force) -Interactive
Creates a new Azure AD Application registration, creates a new self signed certificate, and stores the public and private key certificates in c:. The private key certificate will be locked with the password "password". It will upload the certificate to the azure app registration and it will request the following permissions: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All. A browser window will be shown allowing you to authenticate.
EXAMPLE 5
Register-PnPAzureADApp -DeviceLogin -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -CertificatePath c:\certificate.pfx -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force)
Creates a new Azure AD Application registration and asks you to authenticate using device login methods, creates a new self signed certificate, and adds it to the local certificate store. It will upload the certificate to the azure app registration and it will request the following permissions: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All
EXAMPLE 6
Register-PnPAzureADApp -Interactive -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -CertificatePath c:\certificate.pfx -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force)
Creates a new Azure AD Application registration and asks you to authenticate using username and password, creates a new self signed certificate, and adds it to the local certificate store. It will upload the certificate to the azure app registration and it will request the following permissions: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All
EXAMPLE 7
Register-PnPAzureADApp -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -CertificatePath c:\certificate.pfx -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force) -Interactive -LogoFilePath c:\logo.png
Creates a new Azure AD Application registration which will use the existing private key certificate at the provided path to allow access. It will upload the provided private key certificate to the azure app registration and it will request the following permissions: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All. It will also set the logo.png file as the logo for the Azure AD app.
PARAMETERS
-Interactive
If specified, an interactive authentication flow will be started, allowing your to authenticate with username, password and an optional second factor from your phone or other device.
Type: SwitchParameter
Parameter Sets: (All)
Required: False
Position: Named
Accept pipeline input: False
-Username
The username to use when logging into the Microsoft Graph. Notice that this user account needs to have write access to the Azure AD.
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Accept pipeline input: False
-Password
The password to use when logging into the Microsoft Graph.
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Accept pipeline input: False
-DeviceLogin
If specified, a device login flow, supporting Multi-Factor Authentication will be used to authenticate towards the Microsoft Graph.
Type: SwitchParameter
Parameter Sets: (All)
Required: False
Position: Named
Accept pipeline input: False
-ApplicationName
The name of the Azure AD Application to create.
Type: String
Parameter Sets: (All)
Required: True
Position: Named
Accept pipeline input: False
-CertificatePassword
Optional certificate password.
Type: SecureString
Parameter Sets: (All)
Required: False
Position: 8
Accept pipeline input: False
-CertificatePath
File path to use an existing certificate.
Type: String
Parameter Sets: Existing Certificate
Required: True
Position: Named
Accept pipeline input: False
-CommonName
Common Name (e.g. server FQDN or YOUR name). It defaults to 'pnp.contoso.com'
Type: String
Parameter Sets: Generate Certificate
Required: False
Position: 0
Accept pipeline input: False
-Country
Country Name (2 letter code).
Type: String
Parameter Sets: Generate Certificate
Required: False
Position: 1
Accept pipeline input: False
-Locality
Locality Name (eg. city).
Type: String
Parameter Sets: Generate Certificate
Required: False
Position: 3
Accept pipeline input: False
-Organization
Organization Name (eg. company).
Type: String
Parameter Sets: Generate Certificate
Required: False
Position: 4
Accept pipeline input: False
-OrganizationUnit
Organizational Unit Name (eg. section).
Type: String
Parameter Sets: Generate Certificate
Required: False
Position: 5
Accept pipeline input: False
-OutPath
Folder to create certificate files in (.CER and .PFX).
Type: String
Parameter Sets: Generate Certificate
Required: False
Position: Named
Accept pipeline input: False
-GraphApplicationPermissions
Specify which Microsoft Graph Application permissions to request.
Type: Permission[]
Parameter Sets: Generate Certificate
Required: False
Position: 0
Accept pipeline input: False
-GraphDelegatePermissions
Specify which Microsoft Graph Delegate permissions to request.
Type: Permission[]
Parameter Sets: Generate Certificate
Required: False
Position: 0
Accept pipeline input: False
-SharePointApplicationPermissions
Specify which Microsoft SharePoint Application permissions to request.
Type: Permission[]
Parameter Sets: Generate Certificate
Required: False
Position: 0
Accept pipeline input: False
-SharePointDelegatePermissions
Specify which Microsoft SharePoint Delegate permissions to request.
Type: Permission[]
Parameter Sets: Generate Certificate
Required: False
Position: 0
Accept pipeline input: False
-State
State or Province Name (full name).
Type: String
Parameter Sets: Generate Certificate
Required: False
Position: 2
Accept pipeline input: False
-Store
Local Certificate Store to add the certificate to. Only works on Microsoft Windows.
Type: StoreLocation
Parameter Sets: Generate Certificate
Required: False
Position: Named
Accept pipeline input: False
-Tenant
The identifier of your tenant, e.g. mytenant.onmicrosoft.com
Type: String
Parameter Sets: (All)
Required: True
Position: Named
Accept pipeline input: False
-ValidYears
Number of years until expiration (default is 10, max is 30).
Type: Int
Parameter Sets: Generate Certificate
Required: False
Position: 7
Accept pipeline input: False
-NoPopup
This switch only applies to Windows and has no effect on Linux and MacOS.
If not specified and running on Windows, all authentication and consent steps will be presented in a popup. If you want to open the URLs manually in a browser, specify this switch.
Type: SwitchParameter
Parameter Sets: (All)
Required: False
Position: Named
Accept pipeline input: False
-AzureEnvironment
The Azure environment to use for authentication, the defaults to 'Production' which is the main Azure environment.
Type: AzureEnvironment
Parameter Sets: (All)
Aliases:
Accepted values: Production, PPE, China, Germany, USGovernment, USGovernmentHigh, USGovernmentDoD, Custom
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-LogoFilePath
Sets the logo for the Azure AD application. Provide a full path to a local image file on your disk which you want to use as the logo.
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Accept pipeline input: False
-EntraIDLoginEndPoint
Sets the EntraID login endpoint to be used for creation of the app. This only works if Azure Environment parameter is set to Custom
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Accept pipeline input: False
-MicrosoftGraphEndPoint
Sets the Microsoft Graph endpoint to be used for creation of the app. This only works if Azure Environment parameter is set to Custom
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Accept pipeline input: False
-SignInAudience
Sets the sign in audience. Use this to make the app support Single tenant accounts, Multi-tenant accounts, Multi-tenant + personal accounts & personal accounts only.
Type: String
Parameter Sets: Generate Certificate
Required: False
Position: Named
Accept pipeline input: False
-LaunchBrowser
Launch a browser automatically and copy the code to enter to the clipboard
Type: SwitchParameter
Parameter Sets: DeviceLogin
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False