Register-PnPAzureADApp

Tip

We encourage you to make improvements to this documentation. Please navigate to https://github.com/pnp/powershell/blob/dev/documentation/Register-PnPAzureADApp.md to change this file.

Registers an Azure AD App and optionally creates a new self-signed certificate to use with the application registration.

Syntax

Register-PnPAzureADApp
    -ApplicationName <String>
    -Tenant <String>
    [-Username <String>]
    [-Password <SecureString>]
    [-DeviceLogin]
    [-Interactive]
    [-CommonName <String>]
    [-OutPath <String>]
    [-Store <StoreLocation>]
    [-GraphApplicationPermissions <Permission[]>]
    [-GraphDelegatePermissions <Permission[]>]
    [-SharePointApplicationPermissions <Permission[]>]
    [-SharePointDelegatePermissions <Permission[]>]
    [-Country <String>]
    [-State <String>]
    [-Locality <String>]
    [-Organization <String>]
    [-OrganizationUnit <String>]
    [-ValidYears <Int>]
    [-CertificatePassword <SecureString>]
    [-NoPopup]

Register-PnPAzureADApp
    -CertificatePath <String>
    -ApplicationName <String>
    -Tenant <String>
    [-Username <String>]
    [-Password <SecureString>]
    [-DeviceLogin]
    [-Interactive]
    [-GraphApplicationPermissions <Permission[]>]
    [-GraphDelegatePermissions <Permission[]>]
    [-SharePointApplicationPermissions <Permission[]>]
    [-SharePointDelegatePermissions <Permission[]>]
    [-CertificatePassword <SecureString>]
    [-NoPopup]

Description

Registers an Azure AD App and optionally creates a new self-signed certificate to use with the application registration. You can log in either with username/password, or you can use the -DeviceLogin option if your tenant has been configured for Multi-Factor Authentication.

Note: if you want to use the newly created app to authenticate with username/password, you will have to make a modification to the app. Navigate to the application registration in your Azure AD, select the Authentication section, and set "Allow public client flows" to Yes. Alternatively, navigate to the Manifest section and set allowPublicClient to true.

Examples

------------------EXAMPLE 1------------------

Register-PnPAzureADApp -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -Store CurrentUser -Username "yourname@domain.com" -Password (Read-Host -AsSecureString -Prompt "Enter Password")

Creates a new Azure AD Application registration, creates a new self-signed certificate, and adds it to the local certificate store. It will upload the certificate to the Azure app registration and it will request the following permissions: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All

------------------EXAMPLE 2------------------

Register-PnPAzureADApp -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -CertificatePath c:\certificate.pfx -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force) -Username "yourname@domain.com" -Password (Read-Host -AsSecureString -Prompt "Enter password")

Creates a new Azure AD Application registration which will use the existing private key certificate at the provided path to allow access. It will upload the provided private key certificate to the Azure app registration and it will request the following permissions: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All

------------------EXAMPLE 3------------------

Register-PnPAzureADApp -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -Store CurrentUser -GraphApplicationPermissions "User.Read.All" -SharePointApplicationPermissions "Sites.Read.All" -Username "yourname@domain.com" -Password (Read-Host -AsSecureString -Prompt "Enter Password")

Creates a new Azure AD Application registration, creates a new self-signed certificate, and adds it to the local certificate store. It will upload the certificate to the Azure app registration and it will request the following permissions: Sites.Read.All, User.Read.All

------------------EXAMPLE 4------------------

Register-PnPAzureADApp -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -OutPath c:\ -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force) -Username "yourname@domain.com" -Password (Read-Host -AsSecureString -Prompt "Enter Password")

Creates a new Azure AD Application registration, creates a new self-signed certificate, and stores the public and private key certificates in c:\. The private key certificate will be locked with the password "password". It will upload the certificate to the Azure app registration and it will request the following permissions: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All

------------------EXAMPLE 5------------------

Register-PnPAzureADApp -DeviceLogin -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -CertificatePath c:\certificate.pfx -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force)

Creates a new Azure AD Application registration and asks you to authenticate using device login methods, creates a new self-signed certificate, and adds it to the local certificate store. It will upload the certificate to the Azure app registration and it will request the following permissions: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All

------------------EXAMPLE 6------------------

Register-PnPAzureADApp -Interactive -ApplicationName TestApp -Tenant yourtenant.onmicrosoft.com -CertificatePath c:\certificate.pfx -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force)

Creates a new Azure AD Application registration and asks you to authenticate using username and password, creates a new self-signed certificate, and adds it to the local certificate store. It will upload the certificate to the Azure app registration and it will request the following permissions: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All
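As an added example (not part of this documentation or the PnP PowerShell project), the following script registers an app with explicitly scoped application permissions and a one-year certificate whose .pfx is protected by a randomly generated password instead of a literal, then loads the written .pfx to confirm it carries the private key and records the thumbprint and expiry before authenticating as the app. The tenant name, app name and output folder are placeholders, and the 'AzureAppId/ClientId' property name on the returned object is an assumption.

```powershell
# Assumed (not from the page): PnP.PowerShell is installed and the signed-in account may create app registrations.
$tenant  = 'yourtenant.onmicrosoft.com'   # placeholder
$appName = 'InventoryReader'              # placeholder
$outDir  = Join-Path $HOME 'pnp-certs'    # placeholder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# A 256-bit random PFX password rather than the literal "password" used in the examples above.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$pfxPassword = ConvertTo-SecureString -String ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

# Explicit least-privilege permissions and a short certificate lifetime. Omitting the permission
# parameters would request the broad defaults (Sites.FullControl.All, Group.ReadWrite.All, User.Read.All).
$registration = Register-PnPAzureADApp -ApplicationName $appName -Tenant $tenant -Interactive `
    -OutPath $outDir -CertificatePassword $pfxPassword -ValidYears 1 `
    -CommonName "$appName.$tenant" `
    -GraphApplicationPermissions 'User.Read.All' `
    -SharePointApplicationPermissions 'Sites.Read.All'

# Verify the .pfx that was written: it must open with the generated password and contain the private key.
$pfxFile = Get-ChildItem -Path $outDir -Filter '*.pfx' | Sort-Object LastWriteTime | Select-Object -Last 1
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxFile.FullName, $pfxPassword)
if (-not $cert.HasPrivateKey) { throw "No private key found in $($pfxFile.FullName)" }
$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
Write-Host "Thumbprint $($cert.Thumbprint) expires in $daysLeft days; record both so the key is rotated in time"

# Smoke test: authenticate as the app with the certificate, not with a user password.
# The 'AzureAppId/ClientId' property name on the cmdlet's output object is an assumption.
$clientId = $registration.'AzureAppId/ClientId'
$siteUrl  = "https://$($tenant.Split('.')[0]).sharepoint.com"
Connect-PnPOnline -Url $siteUrl -ClientId $clientId -Tenant $tenant `
    -CertificatePath $pfxFile.FullName -CertificatePassword $pfxPassword
Get-PnPSite | Select-Object Url
```

Admin consent for the requested application permissions is still granted in the Azure AD portal, and the .pfx should be moved to a secrets store (or the certificate store, as in Example 1) rather than left in the output folder.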

Parameters

-ApplicationName

The name of the Azure AD Application to create

Type: String
Position: Named
Accept pipeline input: False
Accept wildcard characters: False

-CertificatePassword

Optional certificate password

Type: SecureString
Position: 8
Accept pipeline input: False
Accept wildcard characters: False

-CertificatePath

File path to an existing certificate to use

Type: String
Position: Named
Accept pipeline input: False
Accept wildcard characters: False

-CommonName

Common Name (e.g. server FQDN or your name). Defaults to 'pnp.contoso.com'.

Type: String
Position: 0
Accept pipeline input: False
Accept wildcard characters: False

-Country

Country Name (2 letter code)

Type: String
Position: 1
Accept pipeline input: False
Accept wildcard characters: False

-DeviceLogin

If specified, a device login flow supporting Multi-Factor Authentication will be used to authenticate towards the Microsoft Graph.

Type: SwitchParameter
Position: Named
Accept pipeline input: False
Accept wildcard characters: False

-GraphApplicationPermissions

Specify which Microsoft Graph Application permissions to request.

Type: Permission[]
Position: 0
Accept pipeline input: False
Accept wildcard characters: False

-GraphDelegatePermissions

Specify which Microsoft Graph Delegate permissions to request.

Type: Permission[]
Position: 0
Accept pipeline input: False
Accept wildcard characters: False

-Locality

Locality Name (e.g. city)

Type: String
Position: 3
Accept pipeline input: False
Accept wildcard characters: False

-NoPopup

This switch only applies to Windows and has no effect on Linux and macOS.

If not specified and running on Windows, all authentication and consent steps will be presented in a popup. If you want to open the URLs manually in a browser, specify this switch.

Type: SwitchParameter
Position: Named
Accept pipeline input: False
Accept wildcard characters: False

-Organization

Organization Name (e.g. company)

Type: String
Position: 4
Accept pipeline input: False
Accept wildcard characters: False

-OrganizationUnit

Organizational Unit Name (e.g. section)

Type: String
Position: 5
Accept pipeline input: False
Accept wildcard characters: False

-OutPath

Folder to create the certificate files in (.CER and .PFX)

Type: String
Position: Named
Accept pipeline input: False
Accept wildcard characters: False

-Password

The password to use when logging into the Microsoft Graph

Type: String
Position: Named
Accept pipeline input: False
Accept wildcard characters: False

-SharePointApplicationPermissions

Specify which Microsoft SharePoint Application permissions to request.

Type: Permission[]
Position: 0
Accept pipeline input: False
Accept wildcard characters: False

-SharePointDelegatePermissions

Specify which Microsoft SharePoint Delegate permissions to request.

Type: Permission[]
Position: 0
Accept pipeline input: False
Accept wildcard characters: False

-State

State or Province Name (full name)

Type: String
Position: 2
Accept pipeline input: False
Accept wildcard characters: False

-Store

Local Certificate Store to add the certificate to. Only works on Microsoft Windows.

Type: StoreLocation
Position: Named
Accept pipeline input: False
Accept wildcard characters: False

-Tenant

The identifier of your tenant, e.g. mytenant.onmicrosoft.com

Type: String
Position: Named
Accept pipeline input: False
Accept wildcard characters: False

-Username

The username to use when logging into the Microsoft Graph. Note that this user account needs write access to Azure AD.

Type: String
Position: Named
Accept pipeline input: False
Accept wildcard characters: False

-ValidYears

Number of years until expiration (default is 10, max is 30)

Type: Int
Position: 7
Accept pipeline input: False
Accept wildcard characters: False