Prerequisites:
The user performing these steps requires Global Admin rights.
Use the following link to Launch Cloud Shell.
Login with a Global Admin account.
Select PowerShell when prompted
If prompted to do so, create a cloud storage account. The storage account is only used during the creation of the App Registration.
Due to a documented bug (https://github.com/Azure/azure-cli/issues/11749), you must log in again by entering 'az login'.
When prompted, enter the code returned by az login
Return to the PowerShell prompt in Cloud Shell
Enter the following script to create an Azure AD App Registration.
The sample code creates an App named "bi_for_intune"; to use a different name, edit $appName in the script before running it.
The same code sets the password validity period to 5 years. You may customize this to your liking; see the following Microsoft documentation: https://docs.microsoft.com/en-us/cli/azure/ad/app/credential?view=azure-cli-latest#az-ad-app-credential-reset
Attention: Depending on your browser, copying and pasting the code below can add extra lines. Make sure there are no empty lines before running this code.
### Edit $appName to make the Azure AD App name match your preferences ###
$appName = "bi_for_intune"

# Look for an existing registration with this display name
$app = az ad app list --filter "DisplayName eq '$($appName)'"
if (($app | ConvertFrom-Json).Count -gt 0)
{
    # Reuse the existing registration
    $app0 = ($app | ConvertFrom-Json)[0]
    $appId = $app0.appId
    # Delete old permissions so the list below is re-applied cleanly
    # (00000003-0000-0000-c000-000000000000 is the Microsoft Graph API)
    az ad app permission delete --id $appId --api 00000003-0000-0000-c000-000000000000
}
else
{
    # Create a new registration
    $app = az ad app create --display-name $appName
    $appId = ($app | ConvertFrom-Json).appId
}

# Request the Microsoft Graph application permissions (type Role) the report needs.
# Each GUID is a Graph app-role ID; the catalog of app roles can be listed with:
#   az ad sp show --id 00000003-0000-0000-c000-000000000000 --query appRoles
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 7ab1d382-f21e-4acd-a863-ba3e13f7da61=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions b0afded3-3588-46d8-8b3d-9842eff778da=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 06a5fe6d-c49d-46a7-b082-56b1b14103c7=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 58ca0d9a-1575-47e1-a3cb-007ef2e4583b=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 2f51be20-0bb4-4fed-bf7b-db946066c75e=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 7a6ee1e7-141e-4cec-ae74-d9db155731ff=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions dc377aa6-52d8-4e23-b271-2a7ae04cedf3=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 246dd0d5-5bd0-4def-940b-0421030a5b68=Role
az ad app permission add --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions 230c1aed-a721-4c5d-9cb4-a90514e508ef=Role

# Grant tenant-wide admin consent for the permissions above (requires Global Admin)
az ad app permission admin-consent --id $appId

# Create a client secret valid for 5 years; the password is shown only once
az ad app credential reset --id $appId --credential-description "Primary" --years 5
Read-Host -Prompt "Press Enter to exit"
Upon successful completion, the script returns an App ID, name, password, and tenant ID. It is VERY important that you record this information: the password cannot be retrieved once you have closed Cloud Shell.
Record the values as follows:
appId: Referred to as the 'ClientID' later in this documentation.
password: Referred to as 'Secret Key' later in this documentation.
tenant: Referred to as 'Azure Tenant ID' later in this documentation.
Re-running the script generates a new password and extends the credential validity period. Make a note of the new password each time the script is run.
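The following verification helper is an added example, not part of the original instructions or the script above. It runs in the same Cloud Shell PowerShell session after 'az login', takes the appId printed by the setup script, and checks three things a practitioner wants to confirm before handing the values over: that the registration exists, how many Microsoft Graph application permissions it requests, and when each client secret expires. The property names endDate/endDateTime and customKeyIdentifier/displayName differ between older and newer azure-cli releases, so the function accepts either; the function name, the $WarnDays threshold and the placeholder appId are assumptions made for this example.

```powershell
# Added verification helper (not part of the original instructions).
# Assumes the Azure CLI is already logged in (az login) in Cloud Shell PowerShell.
function Test-BiForIntuneApp {
    param(
        [Parameter(Mandatory)] [string] $AppId,
        [int] $WarnDays = 30          # assumed threshold for the expiry warning
    )

    # 1. Confirm the registration exists and show its display name.
    $app = az ad app show --id $AppId | ConvertFrom-Json
    if (-not $app) { throw "No app registration found for appId $AppId" }
    Write-Host "App: $($app.displayName) ($AppId)"

    # 2. List the Microsoft Graph permissions the app *requests*.
    #    00000003-0000-0000-c000-000000000000 is Microsoft Graph, as in the setup script.
    $perms = az ad app permission list --id $AppId | ConvertFrom-Json
    $graph = $perms | Where-Object { $_.resourceAppId -eq '00000003-0000-0000-c000-000000000000' }
    $roles = @($graph.resourceAccess | Where-Object { $_.type -eq 'Role' })
    Write-Host "Graph application permissions requested: $($roles.Count)"

    # 3. Report client-secret expiry. Older azure-cli versions return 'endDate' and
    #    'customKeyIdentifier'; newer ones return 'endDateTime' and 'displayName'.
    $creds = @(az ad app credential list --id $AppId | ConvertFrom-Json)
    if ($creds.Count -eq 0) { Write-Warning "No client secret found; re-run the setup script." }
    foreach ($c in $creds) {
        $end   = if ($c.PSObject.Properties['endDateTime']) { $c.endDateTime } else { $c.endDate }
        $label = if ($c.PSObject.Properties['displayName']) { $c.displayName } else { $c.customKeyIdentifier }
        $daysLeft = [int]([datetime]$end - (Get-Date)).TotalDays
        if ($daysLeft -le $WarnDays) {
            Write-Warning "Credential '$label' expires in $daysLeft days ($end); plan a rotation."
        } else {
            Write-Host "Credential '$label' is valid for $daysLeft more days (until $end)."
        }
    }
}

# Usage, with the appId printed by the setup script (placeholder value):
# Test-BiForIntuneApp -AppId '<appId-from-script-output>'
```

Note that 'az ad app permission list' shows the permissions the app requests, not whether admin consent was granted; the granted state is visible in the portal under the app's API permissions. Also, 'az ad app credential reset' without '--append' replaces the existing secret, so after re-running the setup script the helper shows the new expiry date and any report still configured with the old Secret Key stops authenticating until it is updated.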