Using New-MgApplication in Graph PowerShell

The New-MgApplication cmdlet in Microsoft Graph PowerShell is a powerful tool for creating applications in Azure Active Directory (Azure AD). This cmdlet allows administrators to automate the creation of applications, which can be essential for managing and deploying applications at scale. In this article, we will delve into the syntax, usage examples, tips, use cases, and potential errors and solutions for the New-MgApplication cmdlet.


Prerequisites

  • Microsoft Graph PowerShell Module: Ensure you have the Microsoft Graph PowerShell module installed. You can install it using the following command:
    Install-Module Microsoft.Graph -Scope CurrentUser
  • Permissions: You need the appropriate permissions to execute the New-MgApplication cmdlet. The required Graph API permission is: Application.ReadWrite.All

Cmdlet Syntax

The syntax for the New-MgApplication cmdlet is as follows:

New-MgApplication -DisplayName <String>

Usage Examples

Example 1: Create a Basic Application

New-MgApplication -DisplayName "My New App"

This command creates a new application with the display name "My New App".


Example 2: Create an Application with Required Resource Access

$requiredResourceAccess = @{
    ResourceAppId = "00000003-0000-0000-c000-000000000000"
    ResourceAccess = @(
        @{ Id = "5778995d-ea1b-4c96-8554-4c13b5c7a61a"; Type = "Scope" }
    )
}

New-MgApplication -DisplayName "App with API Permissions" -RequiredResourceAccess $requiredResourceAccess

This command creates an application that declares the API permissions it requires. ResourceAppId is the application ID of the resource API, which in this example is Microsoft Graph. ResourceAccess lists the permissions requested on that resource: each entry carries the Id of a permission and its Type, where "Scope" is a delegated permission and "Role" is an application permission. Listing a permission here only requests it; it takes effect once a user or administrator consents.
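The following is an added example, not part of the original article: it resolves a permission Id by name from the Microsoft Graph service principal instead of pasting a GUID, creates the app, then reads the registration back for review. The helper name Resolve-GraphPermission, the "User.Read" permission and the single-tenant -SignInAudience value are illustrative assumptions.

```powershell
# Added example (not from the original article).
Connect-MgGraph -Scopes "Application.ReadWrite.All"

$graphAppId = "00000003-0000-0000-c000-000000000000"   # Microsoft Graph, as in Example 2
$graphSp    = Get-MgServicePrincipal -Filter "appId eq '$graphAppId'"

# Hypothetical helper: look up a permission by name and fail loudly if it is missing.
function Resolve-GraphPermission {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [ValidateSet("Scope", "Role")] [string] $Type
    )
    # Delegated permissions (Scope) are published in Oauth2PermissionScopes,
    # application permissions (Role) in AppRoles.
    $pool  = if ($Type -eq "Scope") { $graphSp.Oauth2PermissionScopes } else { $graphSp.AppRoles }
    $match = @($pool | Where-Object { $_.Value -eq $Name })
    if ($match.Count -ne 1) { throw "Permission '$Name' ($Type) not found on Microsoft Graph." }
    @{ Id = $match[0].Id; Type = $Type }
}

# Request only what the app needs; "User.Read" is an illustrative choice.
$requiredResourceAccess = @{
    ResourceAppId  = $graphAppId
    ResourceAccess = @( Resolve-GraphPermission -Name "User.Read" -Type "Scope" )
}

$app = New-MgApplication -DisplayName "App with API Permissions" `
    -SignInAudience "AzureADMyOrg" `
    -RequiredResourceAccess $requiredResourceAccess

# Read the registration back and list every requested permission by name,
# flagging application permissions (Role) for closer review.
$created = Get-MgApplication -ApplicationId $app.Id
foreach ($resource in $created.RequiredResourceAccess) {
    foreach ($access in $resource.ResourceAccess) {
        $pool = if ($access.Type -eq "Scope") { $graphSp.Oauth2PermissionScopes } else { $graphSp.AppRoles }
        [pscustomobject]@{
            Resource   = $resource.ResourceAppId
            Permission = ($pool | Where-Object { $_.Id -eq $access.Id }).Value
            Type       = $access.Type
            Review     = ($access.Type -eq "Role")
        }
    }
}
```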


Using Get-MgApplication to check for created applications

Run the Get-MgApplication cmdlet to confirm that the new application was created.


Cmdlet Tips

  • Use Descriptive Display Names: Always use a descriptive display name for your applications to easily identify them later.
  • Manage Credentials Securely: Avoid hardcoding passwords. Use secure methods to manage credentials such as Azure Key Vault.
  • Define Required Resource Access Properly: Ensure the ResourceAppId and ResourceAccess are correctly specified to grant the necessary permissions to your application.

Use Cases

  • Automated Application Deployment: Automate the creation of applications during the deployment process to ensure consistency and save time.
  • Bulk Application Creation: Create multiple applications programmatically for large environments or for testing purposes.
  • Consistent Configuration: Ensure applications are created with consistent configurations by using predefined templates or scripts.

Possible Errors & Solutions

Error: Insufficient Privileges

Issue: Insufficient privileges to complete the operation.

Solution: Ensure you have the necessary permissions to create applications in Azure AD. You may need to be an Azure AD admin or have appropriate role assignments.


Error: Invalid Identifier URIs

Issue: The identifierUris property is invalid.

Solution: Verify that the URIs specified in the -IdentifierUris parameter are valid and unique within the directory.


Error: Required Resource Access Not Found

Issue: The resource access ID is not valid.

Solution: Check the ResourceAppId and ResourceAccess parameters to ensure they are correct and the specified resource exists.


Frequently Asked Questions

1. What is New-MgApplication used for?

New-MgApplication is a Microsoft Graph PowerShell cmdlet used to create Azure AD applications. These applications are often required for integrating with Microsoft 365 services or other systems.

2. What permissions are required to create Azure AD applications?

You need the Application.ReadWrite.All permission in Microsoft Graph PowerShell. Ensure appropriate permissions are granted in Azure AD.

3. What’s the difference between New-MgApplication and creating an app via the Azure Portal?

Both methods achieve the same outcome — registering an application in Azure AD.

  • The Azure Portal provides a GUI-based experience, suitable for one-time manual registrations.
  • New-MgApplication allows you to automate app creation, which is ideal for bulk operations, CI/CD pipelines, or scripting repeatable deployments.

Using Graph PowerShell is especially useful for DevOps teams, automated testing, or deploying multiple app instances with predefined settings.

4. Can I assign permissions or secrets while creating the app using New-MgApplication?

Yes, you can pass permissions and secrets during creation by including them in the -BodyParameter hashtable. However, in practice, many admins choose to:

  • First use New-MgApplication to create the base app.
  • Then use Add-MgServicePrincipal, Add-MgApplicationPassword, or Update-MgApplication to assign permissions or add credentials post-creation.

This modular approach provides better clarity and separates responsibilities like app identity creation, permission management, and credential provisioning.
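The two-step approach above, combined with the earlier tip about managing credentials securely, as an added example that is not part of the original article. It assumes the Microsoft.Graph and Az.KeyVault modules with Connect-MgGraph and Connect-AzAccount already run; the vault name, secret name, 90-day lifetime and -SignInAudience value are placeholders or illustrative choices.

```powershell
# Added example (not from the original article).
$vaultName  = "<your-key-vault-name>"        # placeholder
$secretName = "my-new-app-client-secret"     # placeholder

# Step 1: create the base app (identity only, no permissions or credentials yet).
$app = New-MgApplication -DisplayName "My New App" -SignInAudience "AzureADMyOrg"

# Step 2: add a short-lived client secret after creation.
$credential = @{
    DisplayName = "initial-secret"
    EndDateTime = (Get-Date).ToUniversalTime().AddDays(90)
}
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential $credential

# SecretText is returned only by this call. Store it in Key Vault with the same
# expiry instead of writing it to a script, log or console.
$secure = ConvertTo-SecureString -String $secret.SecretText -AsPlainText -Force
Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName `
    -SecretValue $secure -Expires $secret.EndDateTime | Out-Null

# Drop the in-memory copies once the vault holds the value.
Remove-Variable -Name secret, secure

# Step 3: confirm what the directory now holds. The secret value is never
# returned on read-back, only its metadata.
(Get-MgApplication -ApplicationId $app.Id).PasswordCredentials |
    Select-Object DisplayName, KeyId, EndDateTime
```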


Create New Application Using Microsoft Entra Admin Center (formerly Azure AD Admin Center)

  1. Log in to the Microsoft 365 Admin Center.
  2. Select Identity (Microsoft Entra Admin Center) from Admin Centers.
  3. Select Identity >> Applications >> App Registrations.
  4. Enter the app details, such as the app name, who can use the app, and the redirect URI, then click Register.

Conclusion

The New-MgApplication cmdlet is a versatile and powerful tool for creating applications in Azure AD. By understanding its syntax, usage, and potential pitfalls, you can leverage this cmdlet to automate and streamline application management in your environment. Whether you're deploying a single application or managing a large-scale Azure AD setup, New-MgApplication provides the functionality needed to achieve your goals efficiently.

For more detailed information and examples, refer to the official Microsoft documentation: New-MgApplication

