PowerShell Script
Bulk-add new app roles to an application registration in Azure. Edit the `$roles` CSV block below: one role per line in the form `Name,User`.
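# Requires: Microsoft.Graph.Applications module
# Connect to Microsoft Graph with sufficient permissions (e.g., Application.ReadWrite.All).
# NOTE: Application.ReadWrite.All can modify every app registration in the tenant; run this
# from a session that is scoped accordingly and disconnect (Disconnect-MgGraph) when done.

# Fail fast: Get-MgApplication / Update-MgApplication errors would otherwise be non-terminating,
# and the script could go on to overwrite the app's role list with a broken collection.
$ErrorActionPreference = 'Stop'

Connect-MgGraph -Scopes "Application.ReadWrite.All" -TenantId "<Tenant-ID>"

# Variables
$AppId = "<App-ID>" # ObjectId of the Azure AD Application (Get-MgApplication -ApplicationId takes the object id, not the client id)

# One role per line: <value>,<allowedMemberTypes>. Several member types are separated with ';'.
$roles = @"
value,allowedMemberTypes
Group1,User
Group2,User
"@ | ConvertFrom-Csv

# Shape each CSV row into the fields an app role needs; displayName and description reuse the value.
$roles = $roles | ForEach-Object {
    [PSCustomObject]@{
        displayName        = $_.value
        description        = $_.value
        value              = $_.value
        allowedMemberTypes = $_.allowedMemberTypes -split ";"
    }
}

# Get the application
$app = Get-MgApplication -ApplicationId $AppId
if (-not $app) {
    throw "Application '$AppId' was not found."
}

# App role values must be unique within an application; track what already exists so a
# re-run of the script (or a duplicated CSV line) does not submit a second copy.
$existingValues = @($app.AppRoles | ForEach-Object { $_.Value })

# Add new roles
$newRoles = @()
foreach ($role in $roles) {
    if ([string]::IsNullOrWhiteSpace($role.value)) {
        Write-Warning "Skipping a CSV line with an empty value."
        continue
    }
    if ($existingValues -contains $role.value) {
        Write-Warning "Role '$($role.value)' already exists on the application; skipping."
        continue
    }

    $appRole = [Microsoft.Graph.PowerShell.Models.MicrosoftGraphAppRole]::new()
    $appRole.Id = [guid]::NewGuid()
    $appRole.DisplayName = $role.displayName
    $appRole.Description = $role.description
    $appRole.Value = $role.value
    $appRole.AllowedMemberTypes = $role.allowedMemberTypes
    $appRole.IsEnabled = $true
    $appRole.Origin = "Application"

    $newRoles += $appRole
    $existingValues += $role.value
}

if ($newRoles.Count -eq 0) {
    Write-Host "No new roles to add."
    return
}

# Combine existing roles: -AppRoles replaces the whole collection, so the roles already
# on the application must be sent along or they are removed.
$allRoles = @($app.AppRoles) + $newRoles
Update-MgApplication -ApplicationId $AppId -AppRoles $allRoles
Write-Host "Roles added successfully: $(($newRoles | ForEach-Object { $_.Value }) -join ', ')"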