Hello @Pablo Glomby ,
Thanks for reaching out and sorry for the delayed response.
The "MSAL Only" Redirect URI must be in the form of msal.[app_id]://auth [Ex: msal2e847051-973b-4343-8566-01ab9fce590c://auth], hence we need to create the application in the first place and then update the RedirectUri and the "MSAL Only" URI as shown below:
- Create a new Azure AD application and pass it into a variable:
$app = New-AzureADMSApplication -DisplayName TestApp -SignInAudience AzureADMultipleOrgs
- Append the following characters, msal and ://auth, along with the AppID and then pass the outcome into a variable:
$msalonly = 'msal'+$app.AppId+'://auth'
- Set PublicClient RedirectUris as shown below:
Set-AzureADMSApplication -ObjectId $app.Id -PublicClient @{RedirectUris = "https://mynewapp.contoso.com/", $msalonly }
Final outcome:
Hope this helps.
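Added example, not part of the original answer: a check that an app registration's public-client redirect URIs contain the MSAL-only URI built the same way as `$msalonly` above, and that nothing outside an allow list is registered. `Test-MsalRedirectUris` is a hypothetical helper name, and every sample URI except the app ID quoted in the answer is constructed.

```powershell
# Hypothetical helper (not an AzureAD module cmdlet): classify redirect URIs.
function Test-MsalRedirectUris {
    param(
        [Parameter(Mandatory)][string]   $AppId,
        [Parameter(Mandatory)][string[]] $RedirectUris,
        [string[]] $AllowedHttpsUris = @()
    )
    # Same construction as the answer's $msalonly line.
    $expected   = 'msal' + $AppId + '://auth'
    $foundMsal  = $false
    $unexpected = @()
    foreach ($uri in $RedirectUris) {
        # -eq and -contains compare strings case-insensitively in PowerShell.
        if ($uri -eq $expected)            { $foundMsal = $true; continue }
        if ($AllowedHttpsUris -contains $uri) { continue }
        # Anything else, including an msal URI built from another app's ID,
        # is reported so it can be reviewed and removed.
        $unexpected += $uri
    }
    [pscustomobject]@{
        ExpectedMsalUri = $expected
        MsalUriPresent  = $foundMsal
        UnexpectedUris  = $unexpected
    }
}

# Constructed sample input; the app ID is the one shown in the answer.
$sampleAppId = '2e847051-973b-4343-8566-01ab9fce590c'
$sampleUris  = @(
    'https://mynewapp.contoso.com/',
    'msal2e847051-973b-4343-8566-01ab9fce590c://auth',
    'msal00000000-0000-0000-0000-000000000000://auth',   # wrong app ID
    'http://localhost'                                    # not on the allow list
)
$result = Test-MsalRedirectUris -AppId $sampleAppId -RedirectUris $sampleUris `
    -AllowedHttpsUris 'https://mynewapp.contoso.com/'
$result | Format-List

# Against a live registration (assumes a connected AzureAD session and the
# $app variable from the steps above):
#   $live = Get-AzureADMSApplication -ObjectId $app.Id
#   Test-MsalRedirectUris -AppId $live.AppId `
#       -RedirectUris $live.PublicClient.RedirectUris `
#       -AllowedHttpsUris 'https://mynewapp.contoso.com/'
```

With the sample input, `MsalUriPresent` is true and `UnexpectedUris` lists the two entries that should not be on the registration.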