App Registration with Microsoft Entra ID Configure SharePoint Permissions

Introduction

On this article, you’ll learn to register an app with Microsoft Entra ID and configure SharePoint permissions utilizing PowerShell. The script will carry out the next actions.

1. Register a brand new utility in Microsoft Entra ID.
2. Configure the required SharePoint permissions.
3. Present admin consent for the permissions.

Conditions

1. Set up the Microsoft Graph PowerShell SDK.
2. Microsoft Entra ID administrator permissions to create and configure app registration.
3. Create a self-signed certificates by executing Create-SelfSignedCertificate.ps1.

Steps Concerned

Carry out the next steps to register an app with Microsoft Entra ID and configure SharePoint permissions utilizing PowerShell.

Open Home windows PowerShell ISE. Copy and paste the under script.

param(
    [Parameter(Mandatory=$true,
    HelpMessage="The friendly name of the app registration")]
    [String]
    $AppName,

[Parameter(Mandatory=$true,
    HelpMessage="The file path to your public key file")]
    [String]
    $CertPath,

[Parameter(Mandatory=$false,
    HelpMessage="Your Azure Active Directory tenant ID")]
    [String]
    $TenantId,

[Parameter(Mandatory=$false)]
    [Switch]
    $StayConnected = $false
)

# Show the choices for permission
$validOptions = @('F', 'S')
Write-Host "Choose the permissions: [F]-sites.FullControl.All [S]-sites.Chosen"

# Loop to immediate the person till a legitimate possibility is chosen
do 
    foreach ($possibility in $validOptions) 
        Write-Host "[$option]"

$selectedPermission = Learn-Host "Enter your selection (F, or S)"
 whereas ($selectedPermission -notin $validOptions)

# Map person enter to corresponding permissions
$permissionMapping = @    
    'F' = '678536fe-1083-478a-9c59-b99265e6b0d3'
    'S' = '20d37865-089c-4dee-8c41-6967602d4ac8'

$selectedPermissionValue = $permissionMapping[$selectedPermission]

# Requires an admin
if ($TenantId)

Join-MgGraph -Scopes "Software.ReadWrite.All Person.Learn AppRoleAssignment.ReadWrite.All" -TenantId $TenantId

else

Join-MgGraph -Scopes "Software.ReadWrite.All Person.Learn AppRoleAssignment.ReadWrite.All"

# Graph permissions constants
$sharePointResourceId = "00000003-0000-0ff1-ce00-000000000000"
$SitePermission = @
    Id=$selectedPermissionValue
    Kind="Position"

# Get context for entry to tenant ID
$context = Get-MgContext

# Load cert
$cert = New-Object System.Safety.Cryptography.X509Certificates.X509Certificate2($CertPath)
Write-Host -ForegroundColor Cyan "Certificates loaded"

# Create app registration
$appRegistration = New-MgApplication -DisplayName $AppName -SignInAudience "AzureADMyOrg" `
 -Net @ RedirectUris="http://localhost";  `
 -RequiredResourceAccess @ ResourceAppId=$sharePointResourceId; ResourceAccess=$UserReadAll, $GroupReadAll, $SitePermission  `
 -AdditionalProperties @ -KeyCredentials @(@ Kind="AsymmetricX509Cert"; Utilization="Confirm"; Key=$cert.RawData )
Write-Host -ForegroundColor Cyan "App registration created with app ID" $appRegistration.AppId

# Create corresponding service principal
$servicePrincipal= New-MgServicePrincipal -AppId $appRegistration.AppId -AdditionalProperties @ | Out-Null
Write-Host -ForegroundColor Cyan "Service principal created"
Write-Host
Write-Host -ForegroundColor Inexperienced "Success"
Write-Host

# Offering admin consent
$scp = Get-MgServicePrincipal -Filter "DisplayName eq '$($AppName)'" 
$app = Get-MgServicePrincipal -Filter "AppId eq '$sharePointResourceId'" 
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $scp.id -PrincipalId $scp.Id -ResourceId $app.Id -AppRoleId $selectedPermissionValue  

# Generate Join-MgGraph command
$connectGraph = "Join-MgGraph -ClientId """ + $appRegistration.AppId + """ -TenantId """`
 + $context.TenantId + """ -CertificateName """ + $cert.SubjectName.Identify + """"
Write-Host $connectGraph

if ($StayConnected -eq $false)

Disconnect-MgGraph
    Write-Host "Disconnected from Microsoft Graph"

else

Write-Host
    Write-Host -ForegroundColor Yellow "The connection to Microsoft Graph remains to be lively. To disconnect, use Disconnect-MgGraph"

Save the file as RegisterAppOnly.ps1 and run the PowerShell script.

Be aware. SharePointResourceId and SitePermissionID are captured, as proven within the screenshot under.

Abstract

This text describes methods to register an app with Microsoft Entra ID and configure SharePoint permissions utilizing PowerShell.

Know extra about our firm at Skrots. Know extra about our companies at Skrots Companies, Additionally checkout all different blogs at Weblog at Skrots


Know more about our company at Skrots. Know more about our services at Skrots Services, Also checkout all other blogs at Blog at Skrots

Thanks, Harsh
Founder | CEO — Skrots

Learn more about our blog at Blog at Skrots. Checkout our list of services on Skrots. Give a look at our website design at Skrots . Checkout our LinkedIn Page at LinkedIn.com. Check out our original post at https://blog.skrots.com/app-registration-with-microsoft-entra-id-configure-sharepoint-permissions/?feed_id=6351&_unique_id=6654ab76885de