Create a custom application

Prerequisites

To create a custom application and grant it permissions, you need:

  • A Microsoft Entra user account. If you don't already have one, you can create an account for free.
  • One of the following roles: Cloud Application Administrator, or Application Administrator.

Create an application in the Microsoft Entra admin center

To create a custom application for connecting to Microsoft Entra ID with Microsoft Entra PowerShell, follow the steps in this section. Use the custom application to isolate and limit the permissions granted for a Microsoft Entra resource.

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.

  2. Browse to Identity > Applications > App registrations and then select New registration.

  3. Enter a name for your application, for example Microsoft Entra PowerShell App.

  4. For Supported account types, select Accounts in this organization directory.

  5. For Redirect URI, select:
    • Public client/native from the drop-down
    • URI value: http://localhost

  6. Select Register. To manage the resources that your application gets access to in your tenant, locate the application's service principal in the Enterprise applications pane.

  7. Browse to Identity > Applications > Enterprise applications > All applications and select the application you created.

  8. Under Manage, select Properties and set Assignment required? to Yes.

  9. Select Save.

  10. Under Manage, select Users and groups.

  11. Select Add user/group and add the users and groups permitted to use this application.

  12. Once you add all the users and groups, select Assign.

Note

In the app's Overview section, copy the Application (client) ID and Directory (tenant) ID. You use these values when connecting to Microsoft Entra ID.

Assign API permissions to the custom application

You need to set up Microsoft Graph permissions for the new application to connect to Microsoft Entra ID and manage Microsoft Entra resources.

  1. Browse to Identity > Applications > App Registrations > All applications and select the application you created.
  2. Under API permissions, select Add a permission > Select Microsoft APIs > Microsoft Graph.
  3. Choose the type of permissions you require, either delegated or application permissions.
    • If you need to sign in to the app to manage your resources in Microsoft Entra ID, select Delegated permissions.
    • If you want the app to access Microsoft Entra resources on its own without user interaction, select Application permissions.
  4. Search for the required permission, for example, User.Read.All.
  5. Select Grant admin consent for TenantName. Select Yes. Ensure the status shows a green checkmark.

You can now use the newly created app by connecting with:

Connect-Entra -ClientId <your-new-app-id>

For more connection options, see the Connect-Entra command details.
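
The following script is an added example, not part of the original page. It checks that the steps above took effect: the session uses the custom app, the service principal has Assignment required? set to Yes, and only the intended users and groups are assigned. It assumes the Microsoft.Entra module is installed and that the app was also granted the delegated Application.Read.All permission; both IDs are placeholders.

```powershell
# Added example: verify the custom app after completing the portal steps.
# Placeholders: use the Application (client) ID and Directory (tenant) ID
# copied from the app's Overview section.
$ClientId = '<your-new-app-id>'
$TenantId = '<your-tenant-id>'

# Assumption: the app holds the delegated Application.Read.All permission,
# which is needed to read service principals and their assignments.
Connect-Entra -ClientId $ClientId -TenantId $TenantId -Scopes 'Application.Read.All'

# 1. Confirm the session runs through the custom app, not a default client.
$context = Get-EntraContext
if ($context.ClientId -ne $ClientId) {
    throw "Session is using client $($context.ClientId), expected $ClientId."
}
"Connected as $($context.Account); scopes: $($context.Scopes -join ', ')"

# 2. Confirm the service principal exists and requires assignment.
$sp = Get-EntraServicePrincipal -Filter "appId eq '$ClientId'"
if (-not $sp) {
    throw "No service principal found for app $ClientId in tenant $TenantId."
}
if (-not $sp.AppRoleAssignmentRequired) {
    Write-Warning "'Assignment required?' is No: any user in the tenant can sign in to $($sp.DisplayName)."
}

# 3. List who is assigned, to compare against the users and groups you intended.
#    Parameter name as in the generally available Microsoft.Entra module.
Get-EntraServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, CreatedDateTime |
    Sort-Object PrincipalType, PrincipalDisplayName
```

Run it as one of the assigned users; an unassigned account should be refused at sign-in once Assignment required? is Yes.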