m365Corner
M365 Glossary

New-MgApplicationOwnerByRef

What is New-MgApplicationOwnerByRef?

New-MgApplicationOwnerByRef is a Microsoft Graph PowerShell cmdlet used to assign one or more owners to an existing app registration (application) in Microsoft Entra ID. Instead of updating the whole application object, this cmdlet adds a reference to a user or service principal as an owner.

🚀 Community Edition Released!

Try the M365Corner Microsoft 365 Reporting Tool — your DIY pack with 20+ out-of-the-box M365 reports for Users, Groups, and Teams.

Why Use New-MgApplicationOwnerByRef?

Administrators use this cmdlet to automate owner management for app registrations, especially in enterprise environments where apps are created and governed at scale. It helps you:

  • Quickly add owners without visiting the Entra admin center.
  • Standardize app ownership across Dev/Test/Prod environments.
  • Automate governance tasks like rotating or assigning new app owners.
  • Support CI/CD pipelines where application setup is scripted end-to-end.

Prerequisites

Before running the cmdlet:

  1. Install the Microsoft Graph PowerShell module (if not already installed):
    2. Install-Module Microsoft.Graph -Scope CurrentUser
  2. Connect to Microsoft Graph with the right permissions:
    3. Connect-MgGraph -Scopes "Application.ReadWrite.All"
  3. Ensure you have the Application ID and the User ID(s) of the owners you want to assign.

How to use New-MgApplicationOwnerByRef?

Basic syntax:

New-MgApplicationOwnerByRef -ApplicationId <String> -BodyParameter <Hashtable>
  • -ApplicationId is the App Registration (Object) ID.
  • -BodyParameter must include the owner’s directory object reference in the @odata.id URL format.

New-MgApplicationOwnerByRef Examples

  • Example 1: Assigning a Single Owner to an Application

    • To assign a single owner to an application, you need to provide the Application ID and the User ID of the new owner. The User ID must be passed in the correct URL format.

    $NewOwner = @{
    "@odata.id"= "https://graph.microsoft.com/v1.0/directoryObjects/075b32dd-edb7-47cf-89ef-f3f733683a3f"
}
New-MgApplicationOwnerByRef -ApplicationId "1a2b3c4d-5678-90ab-cdef-1234567890ab" -BodyParameter $NewOwner
  • Example 2: Assigning Multiple Owners via CSV Import

    • You can also assign multiple owners by importing User IDs from a CSV file and iterating over each ID.

    Sample CSV File (Owners.csv):

    UserId
075b32dd-edb7-47cf-89ef-f3f733683a3f
12345678-1234-1234-1234-1234567890ab

    PowerShell Script:

    $ApplicationId = "1a2b3c4d-5678-90ab-cdef-1234567890ab"
$Owners = Import-Csv -Path "C:\Path\To\Owners.csv"

foreach ($Owner in $Owners) {
    $NewOwner = @{
        "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$($Owner.UserId)"
    }
    New-MgApplicationOwnerByRef -ApplicationId $ApplicationId -BodyParameter $NewOwner
}

Summary

Key Point Details
Cmdlet Name New-MgApplicationOwnerByRef
Purpose Adds one or more owners to an existing app registration in Microsoft Entra ID
Required Scope Application.ReadWrite.All
Primary Parameters ApplicationId, BodyParameter
Input Format Owner must be passed using @odata.id reference URL
Automation Benefit Enables bulk, scripted ownership assignment for governance and CI/CD setups
Common Use Case Assigning app owners during automated app registration or compliance audits

Did You Know? Managing Microsoft 365 applications is even easier with automation. Try our Graph PowerShell scripts to automate tasks like generating reports, cleaning up inactive Teams, or assigning licenses efficiently.

Ready to get the most out of Microsoft 365 tools? Explore our free Microsoft 365 administration tools to simplify your administrative tasks and boost productivity.

© Your Site Name. All Rights Reserved. Design by HTML Codex