Microsoft.Graph.Applications
Microsoft Graph PowerShell Cmdlets
Add-MgApplicationKey |
Add a key credential to an application. This method, along with removeKey, can be used by an application to automate rolling its expiring keys. As part of the request validation for this method, a proof of possession of an existing key is verified before the action can be performed. Applications that don't have any existing valid certificates (no certificates have been added yet, or all certificates have expired) won't be able to use this service action. You can use the Update application operation to perform an update instead. |
Add-MgApplicationPassword |
Adds a strong password or secret to an application. |
Add-MgServicePrincipalKey |
Adds a key credential to a servicePrincipal. This method, along with removeKey, can be used by a servicePrincipal to automate rolling its expiring keys. As part of the request validation for this method, a proof of possession of an existing key is verified before the action can be performed. ServicePrincipals that don't have any existing valid certificates (i.e., no certificates have been added yet, or all certificates have expired) won't be able to use this service action. Update servicePrincipal can be used to perform an update instead. |
Add-MgServicePrincipalPassword |
Add a strong password or secret to a servicePrincipal object. |
Add-MgServicePrincipalTokenSigningCertificate |
Create a self-signed signing certificate and return a selfSignedCertificate object, which is the public part of the generated certificate.
The self-signed signing certificate is composed of the following objects, which are added to the servicePrincipal:
+ The keyCredentials object with the following objects:
  + A private key object with usage set to |
Clear-MgApplicationVerifiedPublisher |
Unset the verifiedPublisher previously set on an application, removing all verified publisher properties. For more information, see Publisher verification. |
Confirm-MgApplicationMemberGroup |
Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct. |
Confirm-MgApplicationMemberObject |
Invoke action checkMemberObjects |
Confirm-MgServicePrincipalMemberGroup |
Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct. |
Confirm-MgServicePrincipalMemberObject |
Invoke action checkMemberObjects |
Get-MgApplication |
Get the properties and relationships of an application object. |
Get-MgApplicationById |
Return the directory objects specified in a list of IDs. Some common uses for this function are to: |
Get-MgApplicationCreatedOnBehalfOf |
Supports $filter (/$count eq 0, /$count ne 0). Read-only. |
Get-MgApplicationCreatedOnBehalfOfByRef |
Invoke action getByIds |
Get-MgApplicationDelta |
Invoke function delta |
Get-MgApplicationExtensionProperty |
Read-only. Nullable. Supports $expand and $filter (/$count eq 0, /$count ne 0). |
Get-MgApplicationFederatedIdentityCredential |
Federated identities for applications. Supports $expand and $filter (startsWith, /$count eq 0, /$count ne 0). |
Get-MgApplicationHomeRealmDiscoveryPolicy |
Get homeRealmDiscoveryPolicies from applications |
Get-MgApplicationLogo |
The main logo for the application. Not nullable. |
Get-MgApplicationMemberGroup |
Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. |
Get-MgApplicationMemberObject |
Return all IDs for the groups, administrative units, and directory roles that a user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. Note: Only users and role-enabled groups can be members of directory roles. |
Get-MgApplicationOwner |
Directory objects that are owners of the application. Read-only. Nullable. Supports $expand and $filter (/$count eq 0, /$count ne 0, /$count eq 1, /$count ne 1). |
Get-MgApplicationOwnerByRef |
Directory objects that are owners of the application. Read-only. Nullable. Supports $expand and $filter (/$count eq 0, /$count ne 0, /$count eq 1, /$count ne 1). |
Get-MgApplicationTemplate |
Retrieve the properties of an applicationTemplate object. |
Get-MgApplicationTokenIssuancePolicy |
List the tokenIssuancePolicy objects that are assigned to an application. |
Get-MgApplicationTokenIssuancePolicyByRef |
List the tokenIssuancePolicy objects that are assigned to an application. |
Get-MgApplicationTokenLifetimePolicy |
List the tokenLifetimePolicy objects that are assigned to an application. |
Get-MgApplicationTokenLifetimePolicyByRef |
List the tokenLifetimePolicy objects that are assigned to an application. |
Get-MgGroupAppRoleAssignment |
Represents the app roles a group has been granted for an application. Supports $expand. |
Get-MgServicePrincipal |
Retrieve the properties and relationships of a servicePrincipal object. |
Get-MgServicePrincipalAppRoleAssignedTo |
App role assignments for this app or service, granted to users, groups, and other service principals. Supports $expand. |
Get-MgServicePrincipalAppRoleAssignment |
App role assignment for another app or service, granted to this service principal. Supports $expand. |
Get-MgServicePrincipalById |
Return the directory objects specified in a list of IDs. Some common uses for this function are to: |
Get-MgServicePrincipalClaimMappingPolicy |
List the claimsMappingPolicy objects that are assigned to a servicePrincipal. |
Get-MgServicePrincipalClaimMappingPolicyByRef |
List the claimsMappingPolicy objects that are assigned to a servicePrincipal. |
Get-MgServicePrincipalCreatedObject |
Directory objects created by this service principal. Read-only. Nullable. |
Get-MgServicePrincipalDelegatedPermissionClassification |
Get delegatedPermissionClassifications from servicePrincipals |
Get-MgServicePrincipalDelta |
Invoke function delta |
Get-MgServicePrincipalEndpoint |
Get endpoints from servicePrincipals |
Get-MgServicePrincipalHomeRealmDiscoveryPolicy |
List the homeRealmDiscoveryPolicy objects that are assigned to a servicePrincipal. |
Get-MgServicePrincipalHomeRealmDiscoveryPolicyByRef |
List the homeRealmDiscoveryPolicy objects that are assigned to a servicePrincipal. |
Get-MgServicePrincipalMemberGroup |
Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. |
Get-MgServicePrincipalMemberObject |
Return all IDs for the groups, administrative units, and directory roles that a user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. Note: Only users and role-enabled groups can be members of directory roles. |
Get-MgServicePrincipalMemberOf |
Roles that this service principal is a member of. HTTP Methods: GET Read-only. Nullable. Supports $expand. |
Get-MgServicePrincipalMemberOfByRef |
Invoke action getMemberObjects |
Get-MgServicePrincipalOauth2PermissionGrant |
Delegated permission grants authorizing this service principal to access an API on behalf of a signed-in user. Read-only. Nullable. |
Get-MgServicePrincipalOwnedObject |
Directory objects that are owned by this service principal. Read-only. Nullable. Supports $expand and $filter (/$count eq 0, /$count ne 0, /$count eq 1, /$count ne 1). |
Get-MgServicePrincipalOwner |
Directory objects that are owners of this servicePrincipal. The owners are a set of non-admin users or servicePrincipals who are allowed to modify this object. Read-only. Nullable. Supports $expand and $filter (/$count eq 0, /$count ne 0, /$count eq 1, /$count ne 1). |
Get-MgServicePrincipalOwnerByRef |
Directory objects that are owners of this servicePrincipal. The owners are a set of non-admin users or servicePrincipals who are allowed to modify this object. Read-only. Nullable. Supports $expand and $filter (/$count eq 0, /$count ne 0, /$count eq 1, /$count ne 1). |
Get-MgServicePrincipalTokenIssuancePolicy |
The tokenIssuancePolicies assigned to this service principal. |
Get-MgServicePrincipalTokenLifetimePolicy |
The tokenLifetimePolicies assigned to this service principal. |
Get-MgServicePrincipalTransitiveMemberOf |
Get transitiveMemberOf from servicePrincipals |
Get-MgUserAppRoleAssignment |
Represents the app roles a user has been granted for an application. Supports $expand. |
Invoke-MgInstantiateApplicationTemplate |
Add an instance of an application from the Azure AD application gallery into your directory.
You can also use this API to instantiate non-gallery apps.
Use the following ID for the applicationTemplate object: |
New-MgApplication |
Create a new application object. |
New-MgApplicationExtensionProperty |
Create a new directory extension definition, represented by an extensionProperty object. |
New-MgApplicationFederatedIdentityCredential |
Create a new federatedIdentityCredential object for an application. By configuring a trust relationship between your Azure AD application registration and the identity provider for your compute platform, you can use tokens issued by that platform to authenticate with Microsoft identity platform and call APIs in the Microsoft ecosystem. Maximum of 20 objects can be added to an application. |
New-MgApplicationOwnerByRef |
Create new navigation property ref to owners for applications |
New-MgApplicationTokenIssuancePolicyByRef |
Create new navigation property ref to tokenIssuancePolicies for applications |
New-MgApplicationTokenLifetimePolicyByRef |
Create new navigation property ref to tokenLifetimePolicies for applications |
New-MgGroupAppRoleAssignment |
Use this API to assign an app role to a security group. All direct members of the group will be considered assigned. Security groups with dynamic memberships are supported. To grant an app role assignment to a group, you need three identifiers: Additional licenses might be required to use a group to manage access to applications. |
New-MgServicePrincipal |
Create a new servicePrincipal object. |
New-MgServicePrincipalAppRoleAssignedTo |
Assign an app role for a resource service principal, to a user, group, or client service principal. App roles that are assigned to service principals are also known as application permissions. Application permissions can be granted directly with app role assignments, or through a consent experience. To grant an app role assignment, you need three identifiers: |
New-MgServicePrincipalAppRoleAssignment |
Assign an app role to a client service principal. App roles that are assigned to service principals are also known as application permissions. Application permissions can be granted directly with app role assignments, or through a consent experience. To grant an app role assignment to a client service principal, you need three identifiers: |
New-MgServicePrincipalClaimMappingPolicyByRef |
Create new navigation property ref to claimsMappingPolicies for servicePrincipals |
New-MgServicePrincipalDelegatedPermissionClassification |
Classify a delegated permission by adding a delegatedPermissionClassification to the servicePrincipal representing the API. |
New-MgServicePrincipalEndpoint |
Create new navigation property to endpoints for servicePrincipals |
New-MgServicePrincipalHomeRealmDiscoveryPolicyByRef |
Create new navigation property ref to homeRealmDiscoveryPolicies for servicePrincipals |
New-MgServicePrincipalMemberOfByRef |
The homeRealmDiscoveryPolicies assigned to this service principal. Supports $expand. |
New-MgServicePrincipalOwnerByRef |
Create new navigation property ref to owners for servicePrincipals |
New-MgUserAppRoleAssignment |
Use this API to assign an app role to a user. To grant an app role assignment to a user, you need three identifiers: |
Remove-MgApplication |
Delete an application object. When deleted, apps are moved to a temporary container and can be restored within 30 days. After that time, they are permanently deleted. |
Remove-MgApplicationCreatedOnBehalfOfByRef |
Delete entity from applications |
Remove-MgApplicationExtensionProperty |
Delete navigation property extensionProperties for applications |
Remove-MgApplicationFederatedIdentityCredential |
Delete navigation property federatedIdentityCredentials for applications |
Remove-MgApplicationKey |
Remove a key credential from an application. This method, along with addKey, can be used by an application to automate rolling its expiring keys. As part of the request validation for this method, a proof of possession of an existing key is verified before the action can be performed. |
Remove-MgApplicationOwnerByRef |
Delete ref of navigation property owners for applications |
Remove-MgApplicationPassword |
Remove a password from an application. |
Remove-MgApplicationTokenIssuancePolicyByRef |
Delete ref of navigation property tokenIssuancePolicies for applications |
Remove-MgApplicationTokenLifetimePolicyByRef |
Delete ref of navigation property tokenLifetimePolicies for applications |
Remove-MgGroupAppRoleAssignment |
Delete navigation property appRoleAssignments for groups |
Remove-MgServicePrincipal |
Delete a servicePrincipal object. |
Remove-MgServicePrincipalAppRoleAssignedTo |
Delete navigation property appRoleAssignedTo for servicePrincipals |
Remove-MgServicePrincipalAppRoleAssignment |
Delete navigation property appRoleAssignments for servicePrincipals |
Remove-MgServicePrincipalClaimMappingPolicyByRef |
Delete ref of navigation property claimsMappingPolicies for servicePrincipals |
Remove-MgServicePrincipalDelegatedPermissionClassification |
Delete navigation property delegatedPermissionClassifications for servicePrincipals |
Remove-MgServicePrincipalEndpoint |
Delete navigation property endpoints for servicePrincipals |
Remove-MgServicePrincipalHomeRealmDiscoveryPolicyByRef |
Delete ref of navigation property homeRealmDiscoveryPolicies for servicePrincipals |
Remove-MgServicePrincipalKey |
Remove a key credential from a servicePrincipal. This method, along with addKey, can be used by a servicePrincipal to automate rolling its expiring keys. As part of the request validation for this method, a proof of possession of an existing key is verified before the action can be performed. |
Remove-MgServicePrincipalOwnerByRef |
Delete ref of navigation property owners for servicePrincipals |
Remove-MgServicePrincipalPassword |
Remove a password from a servicePrincipal object. |
Remove-MgUserAppRoleAssignment |
Delete navigation property appRoleAssignments for users |
Set-MgApplicationLogo |
The main logo for the application. Not nullable. |
Set-MgApplicationVerifiedPublisher |
Set the verifiedPublisher on an application. For more information, including prerequisites to setting a verified publisher, see Publisher verification. |
Test-MgApplicationProperty |
Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. Clients can use this API to determine whether a display name or mail nickname is valid before trying to create a Microsoft 365 group. To validate the properties of an existing group, use the group: validateProperties function. The following policy validations are performed for the display name and mail nickname properties:
1. Validate the prefix and suffix naming policy
2. Validate the custom banned words policy
3. Validate that the mail nickname is unique
This API only returns the first validation failure that is encountered. If the properties fail multiple validations, only the first validation failure is returned. However, you can validate both the mail nickname and the display name and receive a collection of validation errors if you are only validating the prefix and suffix naming policy. To learn more about configuring naming policies, see Configure naming policy. |
Test-MgServicePrincipalProperty |
Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. Clients can use this API to determine whether a display name or mail nickname is valid before trying to create a Microsoft 365 group. To validate the properties of an existing group, use the group: validateProperties function. The following policy validations are performed for the display name and mail nickname properties:
1. Validate the prefix and suffix naming policy
2. Validate the custom banned words policy
3. Validate that the mail nickname is unique
This API only returns the first validation failure that is encountered. If the properties fail multiple validations, only the first validation failure is returned. However, you can validate both the mail nickname and the display name and receive a collection of validation errors if you are only validating the prefix and suffix naming policy. To learn more about configuring naming policies, see Configure naming policy. |
Update-MgApplication |
Update the properties of an application object. |
Update-MgApplicationExtensionProperty |
Update the navigation property extensionProperties in applications |
Update-MgApplicationFederatedIdentityCredential |
Update the navigation property federatedIdentityCredentials in applications |
Update-MgGroupAppRoleAssignment |
Update the navigation property appRoleAssignments in groups |
Update-MgServicePrincipal |
Update entity in servicePrincipals |
Update-MgServicePrincipalAppRoleAssignedTo |
Update the navigation property appRoleAssignedTo in servicePrincipals |
Update-MgServicePrincipalAppRoleAssignment |
Update the navigation property appRoleAssignments in servicePrincipals |
Update-MgServicePrincipalDelegatedPermissionClassification |
Update the navigation property delegatedPermissionClassifications in servicePrincipals |
Update-MgServicePrincipalEndpoint |
Update the navigation property endpoints in servicePrincipals |
Update-MgUserAppRoleAssignment |
Update the navigation property appRoleAssignments in users |