New-AzureADServiceAppRoleAssignment
This article provides migration details from New-AzureADServiceAppRoleAssignment command to Microsoft Graph PowerShell.
Summary
- Azure AD Command: New-AzureADServiceAppRoleAssignment
- Azure AD Module: AzureAD
- Microsoft Graph Command: New-MgServicePrincipalAppRoleAssignment (Community Examples)
- Graph Module: Microsoft.Graph.Applications
- Graph Endpoint: POST /servicePrincipals/{servicePrincipal-id}/appRoleAssignments
Permissions
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | AppRoleAssignment.ReadWrite.All and Application.Read.All, AppRoleAssignment.ReadWrite.All and Directory.Read.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | AppRoleAssignment.ReadWrite.All and Application.Read.All, AppRoleAssignment.ReadWrite.All and Directory.Read.All |
View more details on permissions.
Note
As a best practice, we recommend creating app role assignments through the appRoleAssignedTo relationship of the resource service principal, instead of the appRoleAssignments relationship of the assigned user, group, or service principal.
Property Mapping
| Azure AD Name | Microsoft Graph Name |
|---|---|
| Id | Id |
| ObjectId | ServicePrincipalId |
| PrincipalId | PrincipalId |
| ResourceId | ResourceId |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for