New-AzureADServicePrincipal

This article provides migration details from New-AzureADServicePrincipal command to Microsoft Graph PowerShell.

Summary

Permissions

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) Application.ReadWrite.All Directory.ReadWrite.All
Delegated (personal Microsoft account) Not supported. Not supported.
Application Application.ReadWrite.OwnedBy Application.ReadWrite.All, Directory.ReadWrite.All

View more details on permissions.

For multi-tenant apps, the calling user must also be in one of the following Microsoft Entra roles:

  • Application Administrator
  • Cloud Application Administrator roles

For single-tenant apps where the calling user is a non-admin user but is the owner of the backing application, the user must have the Application Developer role.

Property Mapping

Azure AD Name Microsoft Graph Name
AccountEnabled AccountEnabled
AlternativeNames AlternativeNames
AppId AppId
AppRoleAssignmentRequired AppRoleAssignmentRequired
ErrorUrl NA
Homepage Homepage
KeyCredentials KeyCredentials
LogoutUrl LogoutUrl
PasswordCredentials PasswordCredentials
PublisherName NA
ReplyUrls ReplyUrls
DisplayName DisplayName
SamlMetadataUrl NA
ServicePrincipalNames ServicePrincipalNames
ServicePrincipalType ServicePrincipalType
Tags Tags