New-AzureADMSApplication

Module:: AzureAD Module

Creates (registers) a new application object.

Syntax

Default (Default)

New-AzureADMSApplication
    [-AddIns <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AddIn]>]
    [-Api <ApiApplication>]
    [-AppRoles <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]>]
    [-GroupMembershipClaims <String>]
    [-IsDeviceOnlyAuthSupported <Boolean>]
    [-IsFallbackPublicClient <Boolean>]
    [-IdentifierUris <System.Collections.Generic.List`1[System.String]>]
    -DisplayName <String>
    [-InformationalUrl <InformationalUrl>]
    [-KeyCredentials <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]>]
    [-OptionalClaims <OptionalClaims>]
    [-ParentalControlSettings <ParentalControlSettings>]
    [-PasswordCredentials <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]>]
    [-PublicClient <PublicClientApplication>]
    [-RequiredResourceAccess <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]>]
    [-SignInAudience <String>]
    [-Tags <System.Collections.Generic.List`1[System.String]>]
    [-TokenEncryptionKeyId <String>]
    [-Web <WebApplication>]
    [<CommonParameters>]

Description

Creates (registers) a new application object.

Examples

Example 1: Create an application

PS C:\>New-AzureADMSApplication -DisplayName "My new application"  -IdentifierUris "http://mynewapp.contoso.com"

          ObjectId                             AppId                                DisplayName
          --------                             -----                                -----------
          acd10942-5747-4385-8824-4c5d5fa904f9 b5fecfab-0ea2-4fd1-8570-b2c41b3d5149 My new application

This command creates an application in Azure AD.

Example 2: Create an application

PS C:\>New-AzureADMSApplication `
          -DisplayName "my name" `
          -AddIns @{ Type = "mytype"; Properties = [PSCustomObject]@{ Key = "key"; Value = "value" } } `
          -Api @{ AcceptMappedClaims = $true } `
          -AppRoles @{ Id = "21111111-1111-1111-1111-111111111111"; DisplayName = "role"; AllowedMemberTypes = "User"; Description = "mydescription"; Value = "myvalue" } `
          -InformationalUrl @{ SupportUrl = "https://mynewapp.contoso.com/support.html" } `
          -IsDeviceOnlyAuthSupported $false `
          -IsFallbackPublicClient $false `
          -KeyCredentials @{ KeyId = "aaaaaaaa-0b0b-1c1c-2d2d-333333333333"; Usage = "Encrypt"; Key = {cert}; Type = "AsymmetricX509Cert" } `
          -OptionalClaims @{ IdToken = [PSCustomObject]@{ Name = "claimName"; Source = "claimSource" } } `
          -ParentalControlSettings @{ LegalAgeGroupRule = "Block" } `
          -PublicClient @{ RedirectUris = "https://mynewapp.contoso.com/" } `
          -RequiredResourceAccess @{ ResourceAppId = "00001111-aaaa-2222-bbbb-3333cccc4444"; ResourceAccess = [PSCustomObject]@{ Type = "Scope" } } `
          -SignInAudience AzureADandPersonalMicrosoftAccount `
          -Tags "mytag" `
          -TokenEncryptionKeyId "aaaaaaaa-0b0b-1c1c-2d2d-333333333333" `
          -Web @{ LogoutUrl = "https://mynewapp.contoso.com/logout.html" } `
          -GroupMembershipClaims "SecurityGroup" `
          -PasswordCredentials {passwordcredentials}

          Id                        : 6a32197d-6f56-4980-b127-8f0bff362245
          OdataType                 :
          AddIns                    : {class AddIn {
          Id: 4bd3715c-f089-4e88-9619-c34af1fb9519
          Type: mytype
          Properties: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyValue]
          }
          }
          Api                       : class ApiApplication {
          AcceptMappedClaims:
          KnownClientApplications:
          PreAuthorizedApplications:
          RequestedAccessTokenVersion: 2
          Oauth2PermissionScopes:
          System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PermissionScope]

          AppId                     : 00001111-aaaa-2222-bbbb-3333cccc4444
          ApplicationTemplateId     :
          AppRoles                  : {class AppRole {
          AllowedMemberTypes: System.Collections.Generic.List`1[System.String]
          Description: mydescription
          DisplayName: role
          Id: 21111111-1111-1111-1111-111111111111
          IsEnabled: True
          Origin: Application
          Value: myvalue
          }
          }
          GroupMembershipClaims     : SecurityGroup
          IsDeviceOnlyAuthSupported : False
          IsFallbackPublicClient    : False
          IdentifierUris            : {}
          CreatedDateTime           :
          DeletedDateTime           :
          DisplayName               : my name
          Info                      : class InformationalUrl {
          TermsOfServiceUrl:
          MarketingUrl:
          PrivacyStatementUrl:
          SupportUrl: https://mynewapp.contoso.com/support.html
          LogoUrl:
          }

          KeyCredentials            : {class KeyCredential {
          CustomKeyIdentifier: System.Byte[]
          DisplayName:
          EndDateTime:
          KeyId: aaaaaaaa-0b0b-1c1c-2d2d-333333333333
          StartDateTime:
          Type: AsymmetricX509Cert
          Usage: Encrypt
          Key:
          }
          }
          OptionalClaims            : class OptionalClaims {
          IdToken: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.OptionalClaim]
          AccessToken:
          System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.OptionalClaim]
          Saml2Token: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.OptionalClaim]
          }

          ParentalControlSettings   : class ParentalControlSettings {
          CountriesBlockedForMinors: System.Collections.Generic.List`1[System.String]
          LegalAgeGroupRule: BlockMinors
          }

          PasswordCredentials       : {}
          PublicClient              : class PublicClientApplication {
          RedirectUris: System.Collections.Generic.List`1[System.String]
          }

          PublisherDomain           :
          RequiredResourceAccess    : {class RequiredResourceAccess {
          ResourceAppId: 00001111-aaaa-2222-bbbb-3333cccc4444
          ResourceAccess:
          System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.ResourceAccess]
          }
          }
          SignInAudience            : AzureADandPersonalMicrosoftAccount
          Tags                      : {mytag}
          TokenEncryptionKeyId      : aaaaaaaa-0b0b-1c1c-2d2d-333333333333
          Web                       : class WebApplication {
          HomePageUrl:
          LogoutUrl: https://mynewapp.contoso.com/logout.html
          RedirectUris: System.Collections.Generic.List`1[System.String]
          ImplicitGrantSettings: class ImplicitGrantSettings {
          EnableIdTokenIssuance: False
          EnableAccessTokenIssuance: False
          }

          }

This command creates an application in Azure AD.

Parameters

-AddIns

Defines custom behavior that a consuming service can use to call an app in specific contexts. For example, applications that can render file streams may set the addIns property for its "FileHandler" functionality. This will let services like Office 365 call the application in the context of a document the user is working on.

Parameter properties

Type:	List<T>[Microsoft.Open.MSGraph.Model.AddIn]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Api

Specifies settings for an application that implements a web API.

Parameter properties

Type:	ApiApplication
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-AppRoles

The collection of application roles that an application may declare. These roles can be assigned to users, groups or service principals.

Parameter properties

Type:	List<T>[Microsoft.Open.MSGraph.Model.AppRole]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DisplayName

Specifies the display name of the application.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-GroupMembershipClaims

Configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-IdentifierUris

User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain (see "Domains" tab in the Azure classic portal) if the application is multi-tenant.

The first element is populated from the Web application's "APP ID URI" field if updated via the Azure classic portal (or respective Azure AD PowerShell cmdlet parameter). Additional URIs can be added via the application manifest; see Understanding the Azure AD Application Manifest for details. This collection is also used to populate the Web application's servicePrincipalNames collection.

Parameter properties

Type:	List<T>[String]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-InformationalUrl

Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience.

Parameter properties

Type:	InformationalUrl
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-IsDeviceOnlyAuthSupported

Specifies if the application supports authentication using a device token.

Parameter properties

Type:	Boolean
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-IsFallbackPublicClient

Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false which means the fallback application type is confidential client such as web app. There are certain scenarios where Azure AD cannot determine the client application type (e.g. ROPC flow where it is configured without specifying a redirect URI). In those cases Azure AD will interpret the application type based on the value of this property.

Parameter properties

Type:	Boolean
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-KeyCredentials

The collection of key credentials associated with the application

Parameter properties

Type:	List<T>[Microsoft.Open.MSGraph.Model.KeyCredential]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-OptionalClaims

Application developers can configure optional claims in their Azure AD apps to specify which claims they want in tokens sent to their application by the Microsoft security token service.

Parameter properties

Type:	OptionalClaims
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ParentalControlSettings

Specifies parental control settings for an application.

Parameter properties

Type:	ParentalControlSettings
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-PasswordCredentials

The collection of password credentials associated with the application

Parameter properties

Type:	List<T>[Microsoft.Open.MSGraph.Model.PasswordCredential]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-PublicClient

Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.

Parameter properties

Type:	PublicClientApplication
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-RequiredResourceAccess

Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources. This pre-configuration of required resource access drives the consent experience.

Parameter properties

Type:	List<T>[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-SignInAudience

Specifies what Microsoft accounts are supported for the current application.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Tags

Custom strings that can be used to categorize and identify the application.

Parameter properties

Type:	List<T>[String]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-TokenEncryptionKeyId

Specifies the keyId of a public key from the keyCredentials collection. When configured, Azure AD encrypts all the tokens it emits by using the key this property points to. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Web

Specifies settings for a web application.

Parameter properties

Type:	WebApplication
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Share via

New-AzureADMSApplication

Syntax

Default (Default)

Description

Examples

Example 1: Create an application

Example 2: Create an application

Parameters

-AddIns

Parameter properties

Parameter sets

-Api

Parameter properties

Parameter sets

-AppRoles

Parameter properties

Parameter sets

-DisplayName

Parameter properties

Parameter sets

-GroupMembershipClaims

Parameter properties

Parameter sets

-IdentifierUris

Parameter properties

Parameter sets

-InformationalUrl

Parameter properties

Parameter sets

-IsDeviceOnlyAuthSupported

Parameter properties

Parameter sets

-IsFallbackPublicClient

Parameter properties

Parameter sets

-KeyCredentials

Parameter properties

Parameter sets

-OptionalClaims

Parameter properties

Parameter sets

-ParentalControlSettings

Parameter properties

Parameter sets

-PasswordCredentials

Parameter properties

Parameter sets

-PublicClient

Parameter properties

Parameter sets

-RequiredResourceAccess

Parameter properties

Parameter sets

-SignInAudience

Parameter properties

Parameter sets

-Tags

Parameter properties

Parameter sets

-TokenEncryptionKeyId

Parameter properties

Parameter sets

-Web

Parameter properties

Parameter sets

CommonParameters

Inputs

Boolean

Microsoft.Open.MSGraph.Model.ApiApplication

Microsoft.Open.MSGraph.Model.InformationalUrl

Microsoft.Open.MSGraph.Model.OptionalClaims

Microsoft.Open.MSGraph.Model.ParentalControlSettings

Microsoft.Open.MSGraph.Model.PublicClientApplication

Microsoft.Open.MSGraph.Model.WebApplication

String

List<T>

List<T>

List<T>

List<T>