How to add an enterprise app from an existing multiple tenants app register with Azure CLI or Powershell?

Tran Anh Xuan 20 Reputation points
2024-06-22T02:12:07.8766667+00:00

I have a multi-tenant application deployed and I want to add it to another tenant using azure cli or powershell.

I followed the instructions here https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/create-service-principal-cross-tenant?pivots=azure-cli, but got the error "Insufficient privileges to complete the operation".

What did I do wrong and what additional permissions do I need to be able to run it?


Accepted answer
William 620 Reputation points
2024-06-22T02:38:56.5066667+00:00

Adding an enterprise app from an existing multi-tenant app registration to another tenant involves creating a service principal in the target tenant.

The error message "Insufficient privileges to complete the operation" typically indicates that your account lacks the necessary permissions to create a service principal in the target tenant. By ensuring you have the required permissions and using either the Azure AD or Microsoft Graph PowerShell modules, you should be able to successfully create a service principal for your multi-tenant application in the target tenant.

Steps to Create a Service Principal in Another Tenant

**Connect to the Target Tenant:**

- Use the Azure AD PowerShell module or Azure CLI to connect to the target tenant. For PowerShell, replace `<TenantId>` with the GUID of the target tenant:

```powershell
Connect-AzureAD -TenantId "<TenantId>"
```

**Create the Service Principal:**

- Run the following command to create the service principal using the application ID of your multi-tenant application:

```powershell
New-AzureADServicePrincipal -AppId "<ApplicationId>"
```

- Replace `<ApplicationId>` with the client/application ID of your multi-tenant application.

**Alternatively, Use Microsoft Graph:**

- If you encounter issues, consider using the Microsoft Graph PowerShell module. You can create the application directly using:

```powershell
New-MgServicePrincipal -AppId "<ApplicationId>"
```

**Check Permissions:**

- Ensure that your account has the necessary permissions in the target tenant. You might need to be a global administrator or have specific permissions to create service principals.

**Update AzureAD Module:**

- Make sure you're using an up-to-date version of the AzureAD PowerShell module. If needed, update the module using:

```powershell
Update-Module -Name AzureAD -Force
```

Remember to replace `<TenantId>` and `<ApplicationId>` with the actual values from your environment. For more detailed instructions, see the official Microsoft documentation.

If this answer solves your issue, please vote for it so other community members know that this is a quality answer.
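For the Microsoft Graph route, here is an added example script (my own, not the answerer's or Microsoft's code) that signs in to the target tenant explicitly, confirms that the delegated Graph scope `Application.ReadWrite.All` (assumed here as the scope needed to create a service principal) was actually granted, and creates the service principal only if none exists yet for that app ID. It assumes the Microsoft Graph PowerShell SDK is installed; `$TenantId` and `$ApplicationId` stand in for the `<TenantId>` and `<ApplicationId>` placeholders above.

```powershell
# Added example: idempotent cross-tenant service principal creation via
# Microsoft Graph PowerShell. Not part of the original answer.
param(
    [Parameter(Mandatory)] [string] $TenantId,      # target tenant GUID
    [Parameter(Mandatory)] [string] $ApplicationId  # multi-tenant app (client) ID
)

# Assumed delegated scope required to create a service principal.
$requiredScope = 'Application.ReadWrite.All'

# Sign in to the *target* tenant explicitly. Omitting -TenantId signs in to
# the account's home tenant, and the service principal would land there.
Connect-MgGraph -TenantId $TenantId -Scopes $requiredScope

$ctx = Get-MgContext
if ($ctx.TenantId -ne $TenantId) {
    throw "Signed in to tenant $($ctx.TenantId), not the requested $TenantId."
}
# Defensive check: make sure the requested scope is in the granted set.
if ($ctx.Scopes -notcontains $requiredScope) {
    throw "Scope $requiredScope was not granted to $($ctx.Account) in $TenantId."
}

# Idempotency: a second service principal for the same appId is an error,
# so look it up first.
$existing = Get-MgServicePrincipal -Filter "appId eq '$ApplicationId'"
if ($existing) {
    Write-Host "Service principal already exists: $($existing.Id) ($($existing.DisplayName))"
    return
}

try {
    $sp = New-MgServicePrincipal -AppId $ApplicationId
    Write-Host "Created service principal $($sp.Id) for app $ApplicationId in tenant $TenantId."
}
catch {
    # Surface the Graph error verbatim; an "Insufficient privileges" response
    # here means the signed-in account lacks a role that may create service
    # principals in this tenant, which a tenant administrator must grant.
    Write-Error "Failed to create service principal: $($_.Exception.Message)"
}
```

Run it as `.\New-CrossTenantSP.ps1 -TenantId <TenantId> -ApplicationId <ApplicationId>` (file name is your choice); the scope and tenant checks fail fast, before any write is attempted.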

