Microsoft Entra ID
Azure

App Registration with Microsoft Entra ID Configure SharePoint Permissions

Photo of Harsh Bakshi Harsh Bakshi Send an email May 27, 2024
0 2,357 2 minutes read

Introduction

On this article, you’ll learn to register an app with Microsoft Entra ID and configure SharePoint permissions utilizing PowerShell. The script will carry out the next actions.

  1. Register a brand new utility in Microsoft Entra ID.
  2. Configure the required SharePoint permissions.
  3. Present admin consent for the permissions.

Conditions

  1. Set up the Microsoft Graph PowerShell SDK.
  2. Microsoft Entra ID administrator permissions to create and configure app registration.
  3. Create a self-signed certificates by executing Create-SelfSignedCertificate.ps1.

Steps Concerned

Carry out the next steps to register an app with Microsoft Entra ID and configure SharePoint permissions utilizing PowerShell.

Open Home windows PowerShell ISE. Copy and paste the under script.

param(
    [Parameter(Mandatory=$true,
    HelpMessage="The friendly name of the app registration")]
    [String]
    $AppName,

    [Parameter(Mandatory=$true,
    HelpMessage="The file path to your public key file")]
    [String]
    $CertPath,

    [Parameter(Mandatory=$false,
    HelpMessage="Your Azure Active Directory tenant ID")]
    [String]
    $TenantId,

    [Parameter(Mandatory=$false)]
    [Switch]
    $StayConnected = $false
)

# Show the choices for permission
$validOptions = @('F', 'S')
Write-Host "Choose the permissions: [F]-sites.FullControl.All [S]-sites.Chosen"

# Loop to immediate the person till a legitimate possibility is chosen
do {
    foreach ($possibility in $validOptions) {
        Write-Host "[$option]"
    }
    $selectedPermission = Learn-Host "Enter your selection (F, or S)"
} whereas ($selectedPermission -notin $validOptions)

# Map person enter to corresponding permissions
$permissionMapping = @{    
    'F' = '678536fe-1083-478a-9c59-b99265e6b0d3'
    'S' = '20d37865-089c-4dee-8c41-6967602d4ac8'
}

$selectedPermissionValue = $permissionMapping[$selectedPermission]

# Requires an admin
if ($TenantId)
{
    Join-MgGraph -Scopes "Software.ReadWrite.All Person.Learn AppRoleAssignment.ReadWrite.All" -TenantId $TenantId
}
else
{
    Join-MgGraph -Scopes "Software.ReadWrite.All Person.Learn AppRoleAssignment.ReadWrite.All"
}

# Graph permissions constants
$sharePointResourceId = "00000003-0000-0ff1-ce00-000000000000"
$SitePermission = @{
    Id=$selectedPermissionValue
    Kind="Position"
}

# Get context for entry to tenant ID
$context = Get-MgContext

# Load cert
$cert = New-Object System.Safety.Cryptography.X509Certificates.X509Certificate2($CertPath)
Write-Host -ForegroundColor Cyan "Certificates loaded"

# Create app registration
$appRegistration = New-MgApplication -DisplayName $AppName -SignInAudience "AzureADMyOrg" `
 -Net @{ RedirectUris="http://localhost"; } `
 -RequiredResourceAccess @{ ResourceAppId=$sharePointResourceId; ResourceAccess=$UserReadAll, $GroupReadAll, $SitePermission } `
 -AdditionalProperties @{} -KeyCredentials @(@{ Kind="AsymmetricX509Cert"; Utilization="Confirm"; Key=$cert.RawData })
Write-Host -ForegroundColor Cyan "App registration created with app ID" $appRegistration.AppId

# Create corresponding service principal
$servicePrincipal= New-MgServicePrincipal -AppId $appRegistration.AppId -AdditionalProperties @{} | Out-Null
Write-Host -ForegroundColor Cyan "Service principal created"
Write-Host
Write-Host -ForegroundColor Inexperienced "Success"
Write-Host

# Offering admin consent
$scp = Get-MgServicePrincipal -Filter "DisplayName eq '$($AppName)'" 
$app = Get-MgServicePrincipal -Filter "AppId eq '$sharePointResourceId'" 
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $scp.id -PrincipalId $scp.Id -ResourceId $app.Id -AppRoleId $selectedPermissionValue  

# Generate Join-MgGraph command
$connectGraph = "Join-MgGraph -ClientId """ + $appRegistration.AppId + """ -TenantId """`
 + $context.TenantId + """ -CertificateName """ + $cert.SubjectName.Identify + """"
Write-Host $connectGraph

if ($StayConnected -eq $false)
{
    Disconnect-MgGraph
    Write-Host "Disconnected from Microsoft Graph"
}
else
{
    Write-Host
    Write-Host -ForegroundColor Yellow "The connection to Microsoft Graph remains to be lively. To disconnect, use Disconnect-MgGraph"
}

Save the file as RegisterAppOnly.ps1 and run the PowerShell script.

PowerShell

Be aware. SharePointResourceId and SitePermissionID are captured, as proven within the screenshot under.

SitePermissionID

Abstract

This text describes methods to register an app with Microsoft Entra ID and configure SharePoint permissions utilizing PowerShell.

Know extra about our firm at Skrots. Know extra about our companies at Skrots Companies, Additionally checkout all different blogs at Weblog at Skrots

Tags
Photo of Harsh Bakshi Harsh Bakshi Send an email May 27, 2024
0 2,357 2 minutes read
Show More
Photo of Harsh Bakshi

Harsh Bakshi

Related Articles

Azure cloud services

Explaning Joins in Azure Cosmos DB

2 weeks ago
Project

How To Create An HTTP Set off Azure Operate App Utilizing Visual Studio 2017

2 weeks ago
Endpoints section

Constructing Picture Technology Apps with Azure OpenAI in .NET

2 weeks ago
Azure account

Learn how to Obtain Code from Your Azure Perform App

3 weeks ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button