az ad app
Manage applications with AAD Graph.
Commands
| az ad app create | Create a web application, web API or native application. |
| az ad app credential | Manage an application's password or certificate credentials. |
| az ad app credential delete | Delete an application's password or certificate credentials. |
| az ad app credential list | List an application's password or certificate credential metadata. (The content of the password or certificate credential is not retrievable.) |
| az ad app credential reset | Append or overwrite an application's password or certificate credentials. |
| az ad app delete | Delete an application. |
| az ad app list | List applications. |
| az ad app owner | Manage application owners. |
| az ad app owner add | Add an application owner. |
| az ad app owner list | List application owners. |
| az ad app owner remove | Remove an application owner. |
| az ad app permission | Manage an application's OAuth2 permissions. |
| az ad app permission add | Add an API permission. |
| az ad app permission admin-consent | Grant Application & Delegated permissions through admin-consent. |
| az ad app permission delete | Remove an API permission. |
| az ad app permission grant | Grant the app API delegated permissions. |
| az ad app permission list | List API permissions the application has requested. |
| az ad app permission list-grants | List OAuth2 permission grants. |
| az ad app show | Get the details of an application. |
| az ad app update | Update an application. |
az ad app create
Create a web application, web API or native application.
az ad app create --display-name
                 [--app-roles]
                 [--available-to-other-tenants {false, true}]
                 [--credential-description]
                 [--end-date]
                 [--homepage]
                 [--identifier-uris]
                 [--key-type {AsymmetricX509Cert, Password, Symmetric}]
                 [--key-usage {Sign, Verify}]
                 [--key-value]
                 [--native-app {false, true}]
                 [--oauth2-allow-implicit-flow {false, true}]
                 [--optional-claims]
                 [--password]
                 [--reply-urls]
                 [--required-resource-accesses]
                 [--start-date]
Examples
Create a native application with delegated permission of "access the AAD directory as the signed-in user"
az ad app create --display-name my-native --native-app --required-resource-accesses @manifest.json
("manifest.json" contains the following content)
[{
    "resourceAppId": "00000002-0000-0000-c000-000000000000",
    "resourceAccess": [
        {
            "id": "a42657d6-7f20-40e3-b6f0-cee03008a62a",
            "type": "Scope"
        }
    ]
}]
Create an application with a role
az ad app create --display-name mytestapp --identifier-uris https://mytestapp.websites.net --app-roles @manifest.json
("manifest.json" contains the following content)
[{
    "allowedMemberTypes": [
        "User"
    ],
    "description": "Approvers can mark documents as approved",
    "displayName": "Approver",
    "isEnabled": "true",
    "value": "approver"
}]
Create an application with optional claims
az ad app create --display-name mytestapp --optional-claims @manifest.json
("manifest.json" contains the following content)
{
    "idToken": [
        {
            "name": "auth_time",
            "source": null,
            "essential": false
        }
    ],
    "accessToken": [
        {
            "name": "email",
            "source": null,
            "essential": false
        }
    ]
}
Required Parameters
--display-name: The display name of the application.
Optional Parameters
--app-roles: Declare the roles you want to associate with your application. Should be in manifest JSON format. See the examples above for details.
--available-to-other-tenants: The application can be used from any Azure AD tenant.
--credential-description: The description of the password.
--end-date: Date or datetime after which credentials expire (e.g. '2017-12-31T11:59:59+00:00' or '2017-12-31'). Default value is one year after current time.
--homepage: The URL where users can sign in and use your app.
--identifier-uris: Space-separated unique URIs that Azure AD can use for this app.
--key-type: The type of the key credentials associated with the application.
--key-usage: The usage of the key credentials associated with the application.
--key-value: The value for the key credentials associated with the application.
--native-app: An application which can be installed on a user's device or computer.
--oauth2-allow-implicit-flow: Whether to allow implicit grant flow for OAuth2.
--optional-claims: Declare the optional claims for the application. Should be in manifest JSON format. See the examples above for details. Please reference https://docs.microsoft.com/azure/active-directory/develop/active-directory-optional-claims#optionalclaim-type for optional claim properties.
--password: App password, aka 'client secret'.
--reply-urls: Space-separated URIs to which Azure AD will redirect in response to an OAuth 2.0 request. The value does not need to be a physical endpoint, but must be a valid URI.
--required-resource-accesses: Resource scopes and roles the application requires access to. Should be in manifest JSON format. See the examples above for details.
--start-date: Date or datetime at which credentials become valid (e.g. '2017-01-01T01:00:00+00:00' or '2017-01-01'). Default value is current time.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help -h: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output -o: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
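A pre-flight review of the `--required-resource-accesses` manifest, useful before a create or update request and before anyone runs `az ad app permission admin-consent`. This is an added example, not part of the Azure CLI or its documentation; the function names, the second manifest entry and the reading of "Role" as an application permission are assumptions of the example.

```python
import json
import uuid

# Constructed manifest: the delegated entry from the examples above plus a
# second resource whose all-ones/all-twos GUIDs are placeholders.
MANIFEST = json.loads("""
[{"resourceAppId": "00000002-0000-0000-c000-000000000000",
  "resourceAccess": [{"id": "a42657d6-7f20-40e3-b6f0-cee03008a62a", "type": "Scope"}]},
 {"resourceAppId": "11111111-1111-1111-1111-111111111111",
  "resourceAccess": [{"id": "22222222-2222-2222-2222-222222222222", "type": "Role"},
                     {"id": "not-a-guid", "type": "scope"}]}]
""")
# Assumption: "Scope" marks a delegated permission (as in the examples above)
# and "Role" an application permission; values are matched case-sensitively.
KINDS = {"Scope": "delegated", "Role": "application"}


def is_guid(value):
    """True only for the canonical hyphenated GUID form."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def review(manifest):
    """Return (permissions, errors) for a required-resource-accesses manifest."""
    permissions, errors = [], []
    if not isinstance(manifest, list):
        return permissions, ["manifest must be a JSON array"]
    for i, resource in enumerate(manifest):
        app_id = resource.get("resourceAppId")
        if not is_guid(app_id):
            errors.append(f"[{i}] resourceAppId is not a GUID: {app_id!r}")
        for j, access in enumerate(resource.get("resourceAccess") or []):
            kind, perm_id = KINDS.get(access.get("type")), access.get("id")
            if kind is None:
                errors.append(f"[{i}][{j}] type must be Scope or Role: {access.get('type')!r}")
            if not is_guid(perm_id):
                errors.append(f"[{i}][{j}] id is not a GUID: {perm_id!r}")
            if kind and is_guid(perm_id):
                permissions.append((app_id, perm_id, kind))
    return permissions, errors


def needs_admin_review(permissions):
    """Application permissions act without a signed-in user; surface them."""
    return [p for p in permissions if p[2] == "application"]
```

Run `review()` on the parsed file in a change-review or CI step and block the change while `errors` is non-empty or `needs_admin_review()` returns entries nobody has approved.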
az ad app delete
Delete an application.
az ad app delete --id
Examples
Delete an application. (autogenerated)
az ad app delete --id 00000000-0000-0000-0000-000000000000
Required Parameters
--id: Identifier URI, application id, or object id.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help -h: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output -o: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az ad app list
List applications.
For low latency, by default, only the first 100 will be returned unless you provide filter arguments or use "--all".
az ad app list [--all]
               [--app-id]
               [--display-name]
               [--filter]
               [--identifier-uri]
               [--show-mine]
Optional Parameters
--all: List all entities; expect a long delay in a large organization.
--app-id: Application id.
--display-name: The display name of the application.
--filter: OData filter, e.g. --filter "displayname eq 'test' and servicePrincipalType eq 'Application'".
--identifier-uri: Graph application identifier, must be in URI format.
--show-mine: List entities owned by the current user.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help -h: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output -o: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
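An audit pass over saved `az ad app list --all --output json` output, checking the settings that `az ad app create` and `az ad app update` expose: implicit grant flow, multi-tenant availability, reply URLs and credential end dates. This is an added example, not part of the Azure CLI; the JSON property names are assumed to follow the AAD Graph application object, and the sample records and finding labels are constructed.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Constructed sample shaped like `az ad app list --all --output json`; the
# property names are assumed to follow the AAD Graph application object.
SAMPLE = json.loads("""
[{"displayName": "legacy-spa", "availableToOtherTenants": true,
  "oauth2AllowImplicitFlow": true, "replyUrls": ["http://legacy.example.test/cb"],
  "passwordCredentials": [{"endDate": "2299-12-31T00:00:00+00:00"}]},
 {"displayName": "internal-api", "availableToOtherTenants": false,
  "oauth2AllowImplicitFlow": false, "replyUrls": ["https://api.example.test/cb"],
  "passwordCredentials": [{"endDate": "2024-06-30T00:00:00+00:00"}]}]
""")
MAX_LIFETIME = timedelta(days=365)  # the CLI's default credential lifetime


def parse_date(value):
    """Parse an ISO 8601 timestamp; naive values are treated as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit(apps, now):
    """Return (displayName, finding) pairs for settings worth a second look."""
    findings = []
    for app in apps:
        name = app.get("displayName")
        if app.get("oauth2AllowImplicitFlow"):
            findings.append((name, "implicit-flow-enabled"))
        if app.get("availableToOtherTenants"):
            findings.append((name, "multi-tenant"))
        for url in app.get("replyUrls") or []:
            parts = urlparse(url)
            if parts.scheme == "http" and parts.hostname not in ("localhost", "127.0.0.1"):
                findings.append((name, "plaintext-reply-url"))
        creds = (app.get("passwordCredentials") or []) + (app.get("keyCredentials") or [])
        for cred in creds:
            end = parse_date(cred["endDate"])
            if end < now:
                findings.append((name, "expired-credential"))
            elif end - now > MAX_LIFETIME:
                findings.append((name, "long-lived-credential"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE, datetime.now(timezone.utc)):
        print(f"{name}: {finding}")
```

Without `--all` the command returns only the first 100 applications, so an audit fed from the default listing can miss registrations.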
az ad app show
Get the details of an application.
az ad app show --id
Examples
Get the details of an application. (autogenerated)
az ad app show --id 00000000-0000-0000-0000-000000000000
Required Parameters
--id: Identifier URI, application id, or object id.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help -h: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output -o: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az ad app update
Update an application.
az ad app update --id
                 [--add]
                 [--app-roles]
                 [--available-to-other-tenants {false, true}]
                 [--credential-description]
                 [--display-name]
                 [--end-date]
                 [--force-string]
                 [--homepage]
                 [--identifier-uris]
                 [--key-type {AsymmetricX509Cert, Password, Symmetric}]
                 [--key-usage {Sign, Verify}]
                 [--key-value]
                 [--oauth2-allow-implicit-flow {false, true}]
                 [--optional-claims]
                 [--password]
                 [--remove]
                 [--reply-urls]
                 [--required-resource-accesses]
                 [--set]
                 [--start-date]
Examples
Update a native application with delegated permission of "access the AAD directory as the signed-in user"
az ad app update --id e042ec79-34cd-498f-9d9f-123456781234 --required-resource-accesses @manifest.json
("manifest.json" contains the following content)
[{
    "resourceAppId": "00000002-0000-0000-c000-000000000000",
    "resourceAccess": [
        {
            "id": "a42657d6-7f20-40e3-b6f0-cee03008a62a",
            "type": "Scope"
        }
    ]
}]
Declare an application role
az ad app update --id e042ec79-34cd-498f-9d9f-123456781234 --app-roles @manifest.json
("manifest.json" contains the following content)
[{
    "allowedMemberTypes": [
        "User"
    ],
    "description": "Approvers can mark documents as approved",
    "displayName": "Approver",
    "isEnabled": "true",
    "value": "approver"
}]
Update optional claims
az ad app update --id e042ec79-34cd-498f-9d9f-123456781234 --optional-claims @manifest.json
("manifest.json" contains the following content)
{
    "idToken": [
        {
            "name": "auth_time",
            "source": null,
            "essential": false
        }
    ],
    "accessToken": [
        {
            "name": "email",
            "source": null,
            "essential": false
        }
    ]
}
Update an application's group membership claims to "All"
az ad app update --id e042ec79-34cd-498f-9d9f-123456781234 --set groupMembershipClaims=All
Required Parameters
--id: Identifier URI, application id, or object id.
Optional Parameters
--add: Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
--app-roles: Declare the roles you want to associate with your application. Should be in manifest JSON format. See the examples above for details.
--available-to-other-tenants: The application can be used from any Azure AD tenant.
--credential-description: The description of the password.
--display-name: The display name of the application.
--end-date: Date or datetime after which credentials expire (e.g. '2017-12-31T11:59:59+00:00' or '2017-12-31'). Default value is one year after current time.
--force-string: When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
--homepage: The URL where users can sign in and use your app.
--identifier-uris: Space-separated unique URIs that Azure AD can use for this app.
--key-type: The type of the key credentials associated with the application.
--key-usage: The usage of the key credentials associated with the application.
--key-value: The value for the key credentials associated with the application.
--oauth2-allow-implicit-flow: Whether to allow implicit grant flow for OAuth2.
--optional-claims: Declare the optional claims for the application. Should be in manifest JSON format. See the examples above for details. Please reference https://docs.microsoft.com/azure/active-directory/develop/active-directory-optional-claims#optionalclaim-type for optional claim properties.
--password: App password, aka 'client secret'.
--remove: Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.
--reply-urls: Space-separated URIs to which Azure AD will redirect in response to an OAuth 2.0 request. The value does not need to be a physical endpoint, but must be a valid URI.
--required-resource-accesses: Resource scopes and roles the application requires access to. Should be in manifest JSON format. See the examples above for details.
--set: Update an object by specifying a property path and value to set. Example: --set property1.property2=.
--start-date: Date or datetime at which credentials become valid (e.g. '2017-01-01T01:00:00+00:00' or '2017-01-01'). Default value is current time.
Global Parameters
--debug: Increase logging verbosity to show all debug logs.
--help -h: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output -o: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose: Increase logging verbosity. Use --debug for full debug logs.