Tuesday, September 2, 2025

PowerShell: Microsoft Graph to add new roles to application registration

PowerShell Script
Bulk add new app roles to an application registration in Azure. Update the $roles CSV with one value,allowedMemberTypes row per role (for example Group1,User).
 
# Requires: Microsoft.Graph.Applications module
# Connect to Microsoft Graph with sufficient permissions (e.g., Application.ReadWrite.All)
Connect-MgGraph -Scopes "Application.ReadWrite.All" -TenantId "<Tenant-ID>"
# Variables
# Object ID of the app registration (not the Application (client) ID);
# Get-MgApplication -ApplicationId expects the object ID
$AppId = "<App-ID>"

$roles = @"
value,allowedMemberTypes
Group1,User
Group2,User
"@ | ConvertFrom-Csv

$roles = $roles | ForEach-Object {
    [PSCustomObject]@{
        displayName = $_.value
        description = $_.value
        value = $_.value
        allowedMemberTypes = $_.allowedMemberTypes -split ";"
    }
}

# Get the application
$app = Get-MgApplication -ApplicationId $AppId

# Add new roles 
$newRoles = @()
foreach ($role in $roles) {
    $appRole = [Microsoft.Graph.PowerShell.Models.MicrosoftGraphAppRole]::new()
    $appRole.Id = [guid]::NewGuid()
    $appRole.DisplayName = $role.displayName
    $appRole.Description = $role.description
    $appRole.Value = $role.value
    $appRole.AllowedMemberTypes = $role.allowedMemberTypes
    $appRole.IsEnabled = $true
    $appRole.Origin = "Application"
    $newRoles += $appRole
}

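# Combine existing roles with the new ones.
# -AppRoles replaces the whole collection, so the existing roles must be sent back too.
$allRoles = @($app.AppRoles) + $newRoles

# Stop on failure so the success message below is not printed after an error
Update-MgApplication -ApplicationId $AppId -AppRoles $allRoles -ErrorAction Stop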

Write-Host "Roles added successfully."
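
A pre-flight check for the $roles input used by the script above, added here as an example and not part of the original post. Test-AppRoleInput is a hypothetical helper name; the rules it checks (no whitespace, at most 120 characters, no leading '.', member types User or Application) follow the Microsoft Graph appRole documentation, and comparing role values case-insensitively is an assumption.

```powershell
# Added example: hypothetical helper, not part of the original script.
function Test-AppRoleInput {
    param(
        [Parameter(Mandatory)] [object[]] $Roles,   # objects with value / allowedMemberTypes
        [object[]] $ExistingRoles = @()             # e.g. $app.AppRoles
    )
    $validTypes = 'User', 'Application'
    # Assumption: treat role values as case-insensitive when looking for duplicates
    $seen = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($r in $ExistingRoles) { if ($r.Value) { [void]$seen.Add($r.Value) } }

    $problems = foreach ($role in $Roles) {
        $v = [string]$role.value
        if ([string]::IsNullOrWhiteSpace($v)) { "Empty role value"; continue }
        if ($v.Length -gt 120)  { "'$v': value longer than 120 characters" }
        if ($v -match '\s')     { "'$v': value contains whitespace" }
        if ($v.StartsWith('.')) { "'$v': value begins with '.'" }
        foreach ($t in @($role.allowedMemberTypes)) {
            if ($t -notin $validTypes) { "'$v': unknown allowedMemberTypes entry '$t'" }
        }
        # Add() returns $false when the value is already present
        if (-not $seen.Add($v)) { "'$v': duplicate of an existing or earlier role value" }
    }
    return @($problems)
}

# Constructed sample input (not from a real tenant)
$sample = @"
value,allowedMemberTypes
Group1,User
Group 2,User
Group3,Admin
"@ | ConvertFrom-Csv | ForEach-Object {
    [PSCustomObject]@{
        value = $_.value
        allowedMemberTypes = $_.allowedMemberTypes -split ';'
    }
}
# Stand-in for $app.AppRoles: the application already has a Group1 role
$existing = @([PSCustomObject]@{ Value = 'Group1' })

$issues = Test-AppRoleInput -Roles $sample -ExistingRoles $existing
if ($issues.Count -gt 0) { $issues | ForEach-Object { Write-Warning $_ } }
```

In the script above, call it as Test-AppRoleInput -Roles $roles -ExistingRoles $app.AppRoles after Get-MgApplication and skip the update when it returns any problems.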
