New-AzureADApplication

Creates an application.

Syntax

New-AzureADApplication
   [-AddIns <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AddIn]>]
   [-AllowGuestsSignIn <Boolean>]
   [-AllowPassthroughUsers <Boolean>]
   [-AppLogoUrl <String>]
   [-AppRoles <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AppRole]>]
   [-AvailableToOtherTenants <Boolean>]
   -DisplayName <String>
   [-ErrorUrl <String>]
   [-GroupMembershipClaims <String>]
   [-Homepage <String>]
   [-IdentifierUris <System.Collections.Generic.List`1[System.String]>]
   [-InformationalUrls <InformationalUrl>]
   [-IsDeviceOnlyAuthSupported <Boolean>]
   [-IsDisabled <Boolean>]
   [-KeyCredentials <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]>]
   [-KnownClientApplications <System.Collections.Generic.List`1[System.String]>]
   [-LogoutUrl <String>]
   [-Oauth2AllowImplicitFlow <Boolean>]
   [-Oauth2AllowUrlPathMatching <Boolean>]
   [-Oauth2Permissions <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.OAuth2Permission]>]
   [-Oauth2RequirePostResponse <Boolean>]
   [-OrgRestrictions <System.Collections.Generic.List`1[System.String]>]
   [-OptionalClaims <OptionalClaims>]
   [-ParentalControlSettings <ParentalControlSettings>]
   [-PasswordCredentials <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]>]
   [-PreAuthorizedApplications <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PreAuthorizedApplication]>]
   [-PublicClient <Boolean>]
   [-PublisherDomain <String>]
   [-RecordConsentConditions <String>]
   [-ReplyUrls <System.Collections.Generic.List`1[System.String]>]
   [-RequiredResourceAccess <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]>]
   [-SamlMetadataUrl <String>]
   [-SignInAudience <String>]
   [-WwwHomepage <String>]
   [<CommonParameters>]

Description

The New-AzureADApplication cmdlet creates an application in Azure Active Directory (AD).

Examples

Example 1: Create an application

PS C:\>New-AzureADApplication -DisplayName "My new application"  -IdentifierUris "http://mynewapp.contoso.com"

ObjectId                             AppId                                DisplayName 
--------                             -----                                ----------- 
acd10942-5747-4385-8824-4c5d5fa904f9 b5fecfab-0ea2-4fd1-8570-b2c41b3d5149 My new application

This command creates an application in Azure AD.

Parameters

-AddIns

Defines custom behavior that a consuming service can use to call an app in specific contexts. For example, applications that can render file streams may set the addIns property for its "FileHandler" functionality. This will let services like Office 365 call the application in the context of a document the user is working on.

Type:List<T>[Microsoft.Open.AzureAD.Model.AddIn]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowGuestsSignIn

{{ Fill AllowGuestsSignIn Description }}

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowPassthroughUsers

{{ Fill AllowPassthroughUsers Description }}

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppLogoUrl

{{ Fill AppLogoUrl Description }}

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppRoles

The collection of application roles that an application may declare. These roles can be assigned to users, groups or service principals.

Type:List<T>[Microsoft.Open.AzureAD.Model.AppRole]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AvailableToOtherTenants

Indicates whether this application is available in other tenants.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

Specifies the display name of the application.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ErrorUrl

The Error URL of this application

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-GroupMembershipClaims

A bitmask that configures the "groups" claim issued in a user or OAuth 2.0 access token that the application expects. The bitmask values are: 0: None, 1: Security groups and Azure AD roles, 2: Reserved, and 4: Reserved. Setting the bitmask to 7 will get all of the security groups, distribution groups, and Azure AD directory roles that the signed-in user is a member of.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Homepage

The URL to the application's homepage.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IdentifierUris

User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain (see "Domains" tab in the Azure classic portal) if the application is multi-tenant.

The first element is populated from the Web application's "APP ID URI" field if updated via the Azure classic portal (or respective Azure AD PowerShell cmdlet parameter). Additional URIs can be added via the application manifest; see Understanding the Azure AD Application Manifest for details. This collection is also used to populate the Web application's servicePrincipalNames collection.

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InformationalUrls

{{ Fill InformationalUrls Description }}

Type:InformationalUrl
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IsDeviceOnlyAuthSupported

{{ Fill IsDeviceOnlyAuthSupported Description }}

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IsDisabled

{{ Fill IsDisabled Description }}

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyCredentials

The collection of key credentials associated with the application

Type:List<T>[Microsoft.Open.AzureAD.Model.KeyCredential]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KnownClientApplications

Client applications that are tied to this resource application. Consent to any of the known client applications will result in implicit consent to the resource application through a combined consent dialog (showing the OAuth permission scopes required by the client and the resource).

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-LogoutUrl

The logout url for this application

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Oauth2AllowImplicitFlow

Specifies whether this web application can request OAuth2.0 implicit flow tokens. The default is false.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Oauth2AllowUrlPathMatching

Specifies whether, as part of OAuth 2.0 token requests, Azure AD will allow path matching of the redirect URI against the application's replyUrls. The default is false.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Oauth2Permissions

The collection of OAuth 2.0 permission scopes that the web API (resource) application exposes to client applications. These permission scopes may be granted to client applications during consent.

Type:List<T>[Microsoft.Open.AzureAD.Model.OAuth2Permission]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Oauth2RequirePostResponse

Set this to true if an Oauth2 psot response is required

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-OptionalClaims

{{ Fill OptionalClaims Description }}

Type:OptionalClaims
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-OrgRestrictions

{{ Fill OrgRestrictions Description }}

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ParentalControlSettings

{{ Fill ParentalControlSettings Description }}

Type:ParentalControlSettings
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PasswordCredentials

The collection of password credentials associated with the application.

Type:List<T>[Microsoft.Open.AzureAD.Model.PasswordCredential]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PreAuthorizedApplications

{{ Fill PreAuthorizedApplications Description }}

Type:List<T>[Microsoft.Open.AzureAD.Model.PreAuthorizedApplication]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PublicClient

Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PublisherDomain

{{ Fill PublisherDomain Description }}

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RecordConsentConditions

Do not use. May be removed in future versions

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ReplyUrls

Specifies the URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequiredResourceAccess

Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources. This pre-configuration of required resource access drives the consent experience.

Type:List<T>[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SamlMetadataUrl

The URL to the SAML metadata for the application.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SignInAudience

{{ Fill SignInAudience Description }}

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WwwHomepage

{{ Fill WwwHomepage Description }}

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False