Using New-MgServicePrincipal in Graph PowerShell

The New-MgServicePrincipal cmdlet is part of the Microsoft Graph PowerShell module and lets administrators create new service principals within the Microsoft 365 directory. This article covers the cmdlet's syntax, a usage example, tips, use cases, and common errors together with their solutions.


Prerequisites

  • Microsoft Graph PowerShell Module: Ensure you have the Microsoft Graph PowerShell module installed. You can install it using:
    Install-Module Microsoft.Graph -Scope CurrentUser
  • API Permissions: To run the New-MgServicePrincipal cmdlet, one of the following API permissions is required; grant the narrowest one that fits the scenario (Application.ReadWrite.OwnedBy is the least privileged, Directory.ReadWrite.All the broadest):
    • Application.ReadWrite.All: Allows the app to read and write all applications without a signed-in user.
    • Directory.ReadWrite.All: Allows the app to read and write data in your organization's directory, such as users, groups, and apps, without a signed-in user.
    • Application.ReadWrite.OwnedBy: Allows the app to read and write applications and service principals that it owns without a signed-in user.
    Ensure the chosen permission is granted and consented in the Azure portal.

Cmdlet Syntax

New-MgServicePrincipal -BodyParameter <Object>

Usage Example

Here’s a straightforward example of creating a new service principal using the cmdlet:

# Sign in with a delegated scope that permits creating service principals.
Connect-MgGraph -Scopes "Application.ReadWrite.All"

# The body only needs the AppId of an application registration that already exists.
$ServicePrincipalID = @{
    "AppId" = "fc876dd1-6bcb-4304-b9b6-18ddf1526b62"
}

New-MgServicePrincipal -BodyParameter $ServicePrincipalID | Format-List Id, DisplayName, AppId, SignInAudience

This script creates a service principal for the application registration identified by the given AppId (the registration must already exist) and then formats the output to show its key properties.

Expected Output:

Id             : ac483a5f-f291-4499-8a62-058547724579
DisplayName    : Example App
AppId          : ffdf268a-2fe2-49e1-8cd7-66ecb61641ec
SignInAudience : AzureADandPersonalMicrosoftAccount

Cmdlet Tips

  • JSON Body Parameter: -BodyParameter expects a hash table (or a JSON object converted to one) containing the service principal's attributes; at minimum the AppId. Ensure the structure is well-formed before passing it to the cmdlet.
  • Permissions: The user running this cmdlet must have appropriate permissions in Azure AD to create service principals.
  • Property Expansion: Use the Format-List or Select-Object cmdlets to view specific properties of the newly created service principal.

Use Cases

  • Application Integration: Creating service principals for applications that need to authenticate and access Azure or Microsoft 365 resources.
  • Automation: Enabling scripts and automation tools to securely access resources without user interaction.
  • Role Assignment: Assigning specific roles and permissions to applications adhering to the principle of least privilege.

Possible Errors & Solutions

Insufficient Permissions:

Error: Authorization_RequestDenied

Solution: Ensure the user has the necessary Azure AD permissions to create service principals.

Invalid AppId:

Error: Request_BadRequest

Solution: Verify that the AppId provided in the -BodyParameter is correct and corresponds to a registered application.

Malformed JSON:

Error: Invalid request

Solution: Check the JSON structure in the -BodyParameter for syntax errors and ensure all required fields are included.
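The following script, added here as an example and not part of the original article, ties the usage example and the error section together: it checks that the application registration exists before calling New-MgServicePrincipal, reuses an existing principal instead of creating a duplicate, creates the principal with AppRoleAssignmentRequired set so users must be assigned before they can sign in, and maps the error codes described above to actionable messages. The parameter name $AppId and the Notes text are assumptions of this example.

```powershell
# Added example (not from the original article). Assumes $AppId is the AppId of
# an application registration that already exists in this tenant.
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^[0-9a-fA-F-]{36}$')]
    [string]$AppId
)
# Delegated sign-in. Application.ReadWrite.OwnedBy is application-only, so it cannot be used here.
Connect-MgGraph -Scopes "Application.ReadWrite.All" -NoWelcome

# 1. Confirm the application registration exists before calling New-MgServicePrincipal,
#    which turns the Request_BadRequest case into a clear, local error.
$app = Get-MgApplication -Filter "appId eq '$AppId'" -ErrorAction Stop
if (-not $app) { throw "No application registration found for AppId $AppId" }

# 2. Idempotency: a second run reuses the existing principal instead of failing.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'" -ErrorAction Stop
if ($sp) {
    Write-Host "Service principal already exists: $($sp.Id)"
}
else {
    $body = @{
        AppId                     = $AppId
        # Users and groups must be explicitly assigned before they can sign in to the app.
        AppRoleAssignmentRequired = $true
        # Makes the principal visible under Enterprise applications in the portal.
        Tags                      = @("WindowsAzureActiveDirectoryIntegratedApp")
        Notes                     = "Created by provisioning script on $(Get-Date -Format o)"
    }
    try {
        $sp = New-MgServicePrincipal -BodyParameter $body -ErrorAction Stop
    }
    catch {
        $err = $_
        # Map the error codes discussed in this article to actionable messages.
        switch -Wildcard ($err.Exception.Message) {
            "*Authorization_RequestDenied*" { throw "Caller lacks a permission that can create service principals: $($err.Exception.Message)" }
            "*Request_BadRequest*"          { throw "Graph rejected the request body; check the AppId and property names: $($err.Exception.Message)" }
            default                         { throw $err }
        }
    }
}

# 3. Read the object back and verify the hardening setting actually took effect.
$sp = Get-MgServicePrincipal -ServicePrincipalId $sp.Id -Property Id,DisplayName,AppId,AppRoleAssignmentRequired
if (-not $sp.AppRoleAssignmentRequired) {
    Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true
}
$sp | Format-List Id, DisplayName, AppId, AppRoleAssignmentRequired
```

For a multitenant application registered in another tenant, step 1 will find no local registration and should be skipped; the remaining steps apply unchanged.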


Conclusion

The New-MgServicePrincipal cmdlet is essential for managing application identities within an Azure AD tenant. By understanding its syntax, usage, and handling common errors, M365 administrators can leverage this cmdlet to enhance security, automate tasks, and integrate applications efficiently.

