PowerShell Basics: How to Create an Azure AD App Registration

Azure Active Directory () is Microsoft's fully managed multi-tenant identity and access capabilities for app service. More organizations are now harnessing the security capabilities of into the apps they create for an additional layer of . This post will cover register an app to via PowerShell to take advantage of this.


The Azure AD Module needs to be added to PowerShell prior to getting started. Execute the command below in PowerShell using elevated or Administrative status: 

Install-Module AzureAD

Once the Azure AD Module is installed, run the following command in the same PowerShell window to connect to the required Azure AD tenant: 


NOTE: The required TenantId will be required in subscriptions with multiple tenants. The TenantId value can be found in the Azure Portal navigating to Azure Active Directory > Properties and is listed under Directory ID.

AzureAD_App_Registration_TenantId_001.pngAzure Active Directory TenantId

Run the following command in the same PowerShell window to connect to the specific Azure AD TenantId (if required): 

Connect-AzureAD -TenantId *Insert Directory ID here*

Step 1: Creating the Azure AD App Registration

Next the following cmdlet is run, now that required Azure AD tenant is connected to PowerShell, to capture the name of the application and the IdentifierURI.

$appName = "TailwindTradersSalesApp"
$appURI = "https://tailwindtraderssalesapp.twtmitt.onmicrosoft.com"
$appHomePageUrl = "http://www.tailwindtraders.com/"
$appReplyURLs = @($appURI, $appHomePageURL, "https://localhost:1234")
if(!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'"  -ErrorAction SilentlyContinue))
    $myApp = New-AzureADApplication -DisplayName $appName -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs

Step 2: Adding the App Key

With the required URIs now captured, it is time to add the application key.  The key will be stored in the Azure Key Vault which ensures the it's security and disallows unauthorized access. Run the following command to invoke this process: 

$Guid = New-Guid
$startDate = Get-Date

$PasswordCredential = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordCredential
$PasswordCredential.StartDate = $startDate
$PasswordCredential.EndDate = $startDate.AddYears(1)
$PasswordCredential.KeyId = $Guid
$PasswordCredential.Value = ([System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(($Guid))))

NOTE: The PasswordCredential value is created as a Base64 value and is saved in the Azure Key Vault.

This process can also be completed via the Azure Portal but will take much more time to complete.


This article was originally published by Microsoft's Azure SQL Database Blog. You can find the original article here.