Create and delete Azure App Regs – Manage Azure App Reg with PowerShell and MSGRAPH API – Part 1

In this Blog Post, I explain how to use PowerShell and the MS Graph API to create and delete Azure App Registrations. As you may know, I like automation, and I often do this with Azure. For this, you need an Azure App Registration to authenticate, so why not automate the Azure App Registration creation and life cycle process as well?

That is the reason for this Blog Post Series with 4 Parts:

  • Part 1: Create and delete Azure App Regs – LINK
  • Part 2: Control Secrets in Azure App Reg – LINK
  • Part 3: Add and Remove Permission in Azure App Reg – LINK
  • Part 4: Self-Service Azure App Registration with au2mator – TBP

So, we need an Azure App Registration with the appropriate Permissions for everything we would like to do here. I will not explain how to create an App Reg and set Permissions. You can check my Blog Series about that here: Use Microsoft Graph API with PowerShell – Part 1 – TechGuy

Prerequisites

So, let’s create an Azure App Reg with the following Details. You can change the Name in your Environment. In this Series, I will refer to the following Details.

  • Name: PROD: APP Reg Management
  • Secret: created
  • Permissions
    • MS GRAPH API – Application
      • Application.ReadWrite.OwnedBy
      • Application.ReadWrite.All

A word on the two permissions: Application.ReadWrite.OwnedBy is enough to create new App Registrations (the management app becomes their owner) and to manage those it owns. Application.ReadWrite.All additionally lets the management app change, add credentials to and delete every App Registration in the tenant, which is why the delete by name in this post works for apps it did not create. Only grant the .All permission if you really need that, and protect the secret of this management app like any other tenant-wide admin credential.

With the created App Registration in Azure, we can go through the Script.

The Script – Create an Azure App Registration

We will walk through the Script and explain a little. Finally, there is a link to my GitHub Repo with the Full Script.

Details and Parameters. At the beginning of the Script, we set the Azure App Reg Details and the Authentication Details.

# Reference: https://docs.microsoft.com/en-us/graph/api/application-post-applications?view=graph-rest-1.0&tabs=http

#Application Permission:
#- Application.ReadWrite.OwnedBy
#- Application.ReadWrite.All



#Graph API Details
#Placeholders only: do not commit real values. Load the secret from Key Vault or an environment variable at run time.
$MSGRAPHAPI_clientID = 'your Client ID'
$MSGRAPHAPI_tenantId = 'your Tenant ID'
$MSGRAPHAPI_Clientsecret = 'your Secret'

$MSGRAPHAPI_BaseURL = "https://graph.microsoft.com/v1.0"




#Enter Azure App Details
$AzureAppName = "TestApp1"
$AzureAppAccountType = "AzureADMyOrg" #https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#signinaudience-attribute

The following Part is the Azure authentication and building the Auth Header.


#Auth MS Graph API and Get Header (client credentials flow, app-only token)
$MSGRAPHAPI_tokenBody = @{
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
    client_id     = $MSGRAPHAPI_clientID
    client_secret = $MSGRAPHAPI_Clientsecret
}
$MSGRAPHAPI_tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$MSGRAPHAPI_tenantId/oauth2/v2.0/token" -Method POST -Body $MSGRAPHAPI_tokenBody
$MSGRAPHAPI_headers = @{
    "Authorization" = "Bearer $($MSGRAPHAPI_tokenResponse.access_token)"
    "Content-Type"  = "application/json"
}

In the last part, we build our body in JSON format, trigger a POST method, and get the "Client ID" (appId) as a result. The same response also contains the object ID (id), which is what the Graph URLs for updating or deleting the app use, so keep both.


#Create Azure App Reg (single-tenant, no redirect URIs, implicit grant disabled)
$CreateAzureAppReg_Body = @"
    {
        "displayName":"$AzureAppName",
        "signInAudience": "$AzureAppAccountType",
        "web": {
            "redirectUris": [],
            "homePageUrl": null,
            "logoutUrl": null,
            "implicitGrantSettings": {
                "enableIdTokenIssuance": false,
                "enableAccessTokenIssuance": false
            }
        }
    }
"@

$CreateAzureAppReg_Params = @{
    Method  = "POST"
    Uri     = "$MSGRAPHAPI_BaseURL/applications"
    Headers = $MSGRAPHAPI_headers
    Body    = $CreateAzureAppReg_Body
}


$Result = Invoke-RestMethod @CreateAzureAppReg_Params

$Result.appId #Client ID, used to authenticate as the new app
$Result.id    #Object ID, used in Graph URLs such as /applications/{id}

The Script – Delete an Azure App Registration

So, as we have created an Azure App Registration, we now want to delete that again to clean up.

We start at the beginning, where we configure the authentication details and the app name.



#Graph API Details
#Placeholders only: do not commit real values. Load the secret from Key Vault or an environment variable at run time.
$MSGRAPHAPI_clientID = 'your Client ID'
$MSGRAPHAPI_tenantId = 'your Tenant ID'
$MSGRAPHAPI_Clientsecret = 'your Secret'

$MSGRAPHAPI_BaseURL = "https://graph.microsoft.com/v1.0"




#Enter Azure App Details
$AzureAppName = "TestApp1"

Next, we do the authentication; that is always the same.


#Auth MS Graph API and Get Header (client credentials flow, app-only token)
$MSGRAPHAPI_tokenBody = @{
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
    client_id     = $MSGRAPHAPI_clientID
    client_secret = $MSGRAPHAPI_Clientsecret
}
$MSGRAPHAPI_tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$MSGRAPHAPI_tenantId/oauth2/v2.0/token" -Method POST -Body $MSGRAPHAPI_tokenBody
$MSGRAPHAPI_headers = @{
    "Authorization" = "Bearer $($MSGRAPHAPI_tokenResponse.access_token)"
    "Content-Type"  = "application/json"
}

Now the exciting part. With the app name, we need to look up the object ID before we can delete the app. Keep in mind that the display name is not unique in Azure AD, so the search can return zero, one or several apps; we only delete when exactly one matches.


#Find App object ID by Name
$FindAzureAppReg_Params = @{
    Method  = "GET"
    Uri     = "$MSGRAPHAPI_BaseURL/applications?`$filter=displayName eq '$AzureAppName'"
    Headers = $MSGRAPHAPI_headers
}

#Store the search result; value is an array with 0, 1 or more matches
$Result = Invoke-RestMethod @FindAzureAppReg_Params
$Found = @($Result.value)

#displayName is not unique, so only delete when exactly one app matches
if ($Found.Count -ne 1) {
    throw "Expected exactly one app named '$AzureAppName' but found $($Found.Count); aborting delete."
}

#Delete Azure App Reg by object ID (id), not by appId. The API answers 204 No Content
#and the app moves to the tenant's deleted items, where it can be restored for 30 days.
$DeleteAzureAppReg_Params = @{
    Method  = "DELETE"
    Uri     = "$MSGRAPHAPI_BaseURL/applications/$($Found[0].id)"
    Headers = $MSGRAPHAPI_headers
}

Invoke-RestMethod @DeleteAzureAppReg_Params
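As an added example (not the script from this post or the GitHub repo), here is the create and the delete step from above combined into one PowerShell script with the checks a practitioner would want: the create refuses to make a duplicate when an app of that name already exists, the delete refuses when the name matches zero or several apps, and after the delete the script confirms the app is in the tenant's deleted items. It uses the same client credentials flow and the same permissions as the post. Assumptions: the tenant ID, client ID and client secret of the management app are supplied through the environment variables MSGRAPHAPI_TENANTID, MSGRAPHAPI_CLIENTID and MSGRAPHAPI_CLIENTSECRET (my names, chosen for this example) instead of being typed into the script file, and the function names are mine.

```powershell
# Added example, not the post's own script: create-if-missing and guarded delete of an
# Azure App Registration via Microsoft Graph. Same client_credentials flow and permissions
# as the post. Assumption: credentials of the management app come from environment variables.
$ErrorActionPreference = 'Stop'

$TenantId     = $env:MSGRAPHAPI_TENANTID       # assumed to be set by the operator
$ClientId     = $env:MSGRAPHAPI_CLIENTID
$ClientSecret = $env:MSGRAPHAPI_CLIENTSECRET
$BaseUrl      = 'https://graph.microsoft.com/v1.0'

function Get-GraphHeaders {
    # App-only token from the v2.0 endpoint; .default asks for the app roles already consented
    $tokenBody = @{
        grant_type    = 'client_credentials'
        scope         = 'https://graph.microsoft.com/.default'
        client_id     = $ClientId
        client_secret = $ClientSecret
    }
    $token = Invoke-RestMethod -Method Post -Body $tokenBody `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    return @{
        Authorization  = "Bearer $($token.access_token)"
        'Content-Type' = 'application/json'
    }
}

function Find-AppRegistration {
    param([Parameter(Mandatory)][string]$DisplayName,
          [Parameter(Mandatory)][hashtable]$Headers)
    # Double any single quote so a name like O'Brien App does not break the OData filter
    $escaped = $DisplayName.Replace("'", "''")
    $uri = "$BaseUrl/applications?`$filter=displayName eq '$escaped'&`$select=id,appId,displayName"
    $resp = Invoke-RestMethod -Method Get -Uri $uri -Headers $Headers
    return @($resp.value)   # force an array so .Count is 0, 1 or n
}

function New-AppRegistration {
    param([Parameter(Mandatory)][string]$DisplayName,
          [Parameter(Mandatory)][hashtable]$Headers)
    $existing = Find-AppRegistration -DisplayName $DisplayName -Headers $Headers
    if ($existing.Count -gt 0) {
        Write-Warning "'$DisplayName' already exists (object ID $($existing[0].id)); not creating a duplicate."
        return $existing[0]
    }
    # Same shape as the post's JSON body, built as a hashtable so values are quoted correctly
    $body = @{
        displayName    = $DisplayName
        signInAudience = 'AzureADMyOrg'
        web            = @{
            redirectUris          = @()
            implicitGrantSettings = @{ enableIdTokenIssuance = $false; enableAccessTokenIssuance = $false }
        }
    } | ConvertTo-Json -Depth 5
    # Response carries appId (the Client ID) and id (the object ID used in Graph URLs)
    return Invoke-RestMethod -Method Post -Uri "$BaseUrl/applications" -Headers $Headers -Body $body
}

function Remove-AppRegistration {
    param([Parameter(Mandatory)][string]$DisplayName,
          [Parameter(Mandatory)][hashtable]$Headers)
    $found = Find-AppRegistration -DisplayName $DisplayName -Headers $Headers
    if ($found.Count -eq 0) { throw "No app registration named '$DisplayName'; nothing to delete." }
    if ($found.Count -gt 1) {
        # displayName is not unique, so a delete by name would be ambiguous: refuse
        throw "$($found.Count) apps named '$DisplayName' (object IDs $($found.id -join ', ')); delete by object ID instead."
    }
    $objectId = $found[0].id
    # DELETE answers 204 No Content; the app is soft-deleted and restorable for 30 days
    Invoke-RestMethod -Method Delete -Uri "$BaseUrl/applications/$objectId" -Headers $Headers | Out-Null
    return $objectId
}

function Test-AppSoftDeleted {
    param([Parameter(Mandatory)][string]$ObjectId,
          [Parameter(Mandatory)][hashtable]$Headers)
    # Soft-deleted apps are listed under directory/deletedItems until they are purged
    try {
        $item = Invoke-RestMethod -Method Get -Uri "$BaseUrl/directory/deletedItems/$ObjectId" -Headers $Headers
        return ($null -ne $item.id)
    } catch { return $false }
}

# Usage: round trip for the post's TestApp1
$headers = Get-GraphHeaders
$app = New-AppRegistration -DisplayName 'TestApp1' -Headers $headers
"Client ID (appId): $($app.appId)  Object ID (id): $($app.id)"
$deletedId = Remove-AppRegistration -DisplayName 'TestApp1' -Headers $headers
"Soft-deleted $deletedId, listed in deletedItems: $(Test-AppSoftDeleted -ObjectId $deletedId -Headers $headers)"
```

The body is built with ConvertTo-Json rather than a here-string so that a display name containing quotes cannot corrupt the JSON, and the OData filter escapes single quotes for the same reason. If you really want the app gone immediately (for example because a secret leaked), a second DELETE against /directory/deletedItems/{id} purges it from the deleted items; otherwise it can be restored from there for 30 days.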

Summary

So we can now create and delete an Azure App Registration with PowerShell and the MS Graph API. Next will be adding and removing Secrets, and then adding and removing Permissions. See the next Posts at the top of the page.

GitHub

See the Script in GitHub: https://github.com/Seidlm/Microsoft-Azure
– Delete Azure App Registration.ps1
– Create Azure App Registration.ps1

Michael Seidl aka TechGuy
au2mate everything
