New-MgApplication failing even with correct permissions

RegioNW 1 Reputation point
2022-05-11T23:28:16.253+00:00

I'm trying to automate the creation of an Azure application using the PowerShell Microsoft.Graph module cmdlets. When running New-MgApplication I'm getting the error: "New-MgApplication_CreateExpanded1: Insufficient privileges to complete the operation."

Microsoft Graph indicates the permissions required for this command are:
New-MgApplication Applications POST /applications IMicrosoftGraphApplication1 {Application.ReadWrite.All, Directory.AccessAsUser.All} {Create1, CreateExpanded1}

I consented to get those permissions and I do get them listed when I run:

(Get-MgContext).Scopes
Application.ReadWrite.All
Directory.AccessAsUser.All
Directory.ReadWrite.All

Why am I still getting the insufficient privileges error? What am I missing?


4 answers

  1. CarlZhao-MSFT 43,491 Reputation points
    2022-05-12T06:44:05.03+00:00

    Hi @RegioNW

    I tested the command locally and it works fine for me.

    First run the command to connect to MgGraph. The command prompts you to go to a web page to sign in using a device code. Once you've done that, the command indicates success with a Welcome To Microsoft Graph! message. You only need to sign in once per session.

    Connect-MgGraph -Scopes "Application.ReadWrite.All"  
    

    Then run the command to automatically create the Azure AD application:

    New-MgApplication -DisplayName 'New app 2' | Format-List Id, DisplayName, AppId, SignInAudience, PublisherDomain  
    




    1 person found this answer helpful.

  2. CarlZhao-MSFT 43,491 Reputation points
    2022-05-17T03:16:05.207+00:00

    Hi @RegioNW

    You can use this PowerShell command to add an instance of an application from the Azure AD application gallery into your directory.

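    Import-Module Microsoft.Graph.Applications

    # Request body: display name for the new application instance
    $params = @{
        DisplayName = "Azure AD SAML Toolkit"
    }

    # $applicationTemplateId must already hold the id of the gallery template to instantiate
    Invoke-MgInstantiateApplicationTemplate -ApplicationTemplateId $applicationTemplateId -BodyParameter $params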


    1 person found this answer helpful.
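
The approach in the answer above, carried through as an added example (not part of the original answer or of Microsoft's own code): it confirms the session holds Application.ReadWrite.All, resolves the gallery template id by display name, then instantiates the template. Looking the id up with Get-MgApplicationTemplate is an assumption about how `$applicationTemplateId` would be obtained, and 'myAppDisplayName' is a sample name.

```powershell
# Added example: instantiate a gallery application template after checking
# the session's delegated scopes. Names below are sample values.
Import-Module Microsoft.Graph.Applications

$requiredScope = 'Application.ReadWrite.All'
$templateName  = 'Azure AD SAML Toolkit'   # gallery template named in the answer
$newAppName    = 'myAppDisplayName'        # sample display name for the new instance

# Fail early if there is no Graph session or the token lacks the scope,
# instead of waiting for "Insufficient privileges" from the service.
$context = Get-MgContext
if (-not $context) {
    throw "No Graph session. Run: Connect-MgGraph -Scopes '$requiredScope'"
}
if ($context.Scopes -notcontains $requiredScope) {
    throw "Session is missing '$requiredScope'. Granted: $($context.Scopes -join ', ')"
}

# Resolve the template id by display name; refuse to continue on zero or
# multiple matches so the wrong template is never instantiated.
$templates = @(Get-MgApplicationTemplate -Filter "displayName eq '$templateName'")
if ($templates.Count -ne 1) {
    throw "Expected one template named '$templateName', found $($templates.Count)."
}

# Instantiate the template under the chosen display name.
$params = @{ DisplayName = $newAppName }
$result = Invoke-MgInstantiateApplicationTemplate `
    -ApplicationTemplateId $templates[0].Id `
    -BodyParameter $params

# The response carries both objects created from the template; record their
# ids so the new registration can be reviewed or removed later.
[pscustomobject]@{
    TemplateId         = $templates[0].Id
    ApplicationId      = $result.Application.Id
    AppId              = $result.Application.AppId
    ServicePrincipalId = $result.ServicePrincipal.Id
} | Format-List
```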

  3. RegioNW 1 Reputation point
    2022-05-12T13:52:10.55+00:00

    Hi CarlZhao, thanks for your answer. I did exactly as you mentioned and it works; however, when using -ApplicationTemplateId it fails with the insufficient permissions error. Do we need a special permission to use this parameter?


  4. RegioNW 1 Reputation point
    2022-05-12T15:22:32.3+00:00

    Here are the parameter values I'm trying to execute:
    New-MgApplication -DisplayName "myAppDisplayName" -ApplicationTemplateId "5da54e9e-f26d-4c5e-a38c-b410271496a8"

    and getting:

    New-MgApplication_CreateExpanded1: Insufficient privileges to complete the operation.

