New-AzureADServicePrincipal
This article provides migration details from New-AzureADServicePrincipal command to Microsoft Graph PowerShell.
Summary
- Azure AD Command: New-AzureADServicePrincipal
- Azure AD Module: AzureAD
- Microsoft Graph Command: New-MgServicePrincipal (Community Examples)
- Graph Module: Microsoft.Graph.Applications
- Graph Endpoint: POST /servicePrincipals
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | Application.ReadWrite.All | Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Application.ReadWrite.OwnedBy | Application.ReadWrite.All, Directory.ReadWrite.All |
View more details on permissions.
For multi-tenant apps, the calling user must also be in one of the following Microsoft Entra roles:
- Application Administrator
- Cloud Application Administrator roles
For single-tenant apps where the calling user is a non-admin user but is the owner of the backing application, the user must have the Application Developer role.
Property Mapping
| Azure AD Name | Microsoft Graph Name |
|---|---|
| AccountEnabled | AccountEnabled |
| AlternativeNames | AlternativeNames |
| AppId | AppId |
| AppRoleAssignmentRequired | AppRoleAssignmentRequired |
| ErrorUrl | NA |
| Homepage | Homepage |
| KeyCredentials | KeyCredentials |
| LogoutUrl | LogoutUrl |
| PasswordCredentials | PasswordCredentials |
| PublisherName | NA |
| ReplyUrls | ReplyUrls |
| DisplayName | DisplayName |
| SamlMetadataUrl | NA |
| ServicePrincipalNames | ServicePrincipalNames |
| ServicePrincipalType | ServicePrincipalType |
| Tags | Tags |