Set-EntraApplication
Updates the properties of an application object.
Syntax
Default (Default)
Set-EntraApplication
-ApplicationId <String>
[-PasswordCredentials <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]>]
[-TokenEncryptionKeyId <String>]
[-SignInAudience <String>]
[-KeyCredentials <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]>]
[-ParentalControlSettings <ParentalControlSettings>]
[-IdentifierUris <System.Collections.Generic.List`1[System.String]>]
[-AppRoles <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]>]
[-PublicClient <PublicClientApplication>]
[-InformationalUrl <InformationalUrl>]
[-Tags <System.Collections.Generic.List`1[System.String]>]
[-Api <ApiApplication>]
[-OptionalClaims <OptionalClaims>]
[-GroupMembershipClaims <String>]
[-Web <WebApplication>]
[-DisplayName <String>]
[-IsFallbackPublicClient <Boolean>]
[-IsDeviceOnlyAuthSupported <Boolean>]
[-RequiredResourceAccess <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]>]
[<CommonParameters>]
Description
Updates the properties of an application object.
Examples
Example 1: Update an application
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
$params = @{
ApplicationId = $application.Id
DisplayName = 'Contoso Entra PowerShell App Production'
IdentifierUris = 'https://contoso.com'
GroupMembershipClaims = 'SecurityGroup'
IsDeviceOnlyAuthSupported = $False
Tags = 'mytag'
}
Set-EntraApplication @params
This command updates an application in Microsoft Entra ID.
Example 2: Update an application using IdentifierUris parameter
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
Set-EntraApplication -ApplicationId $application.Id -IdentifierUris 'https://mynewapp.contoso.com'
This command updates an application in Microsoft Entra ID.
Example 3: Update an application using GroupMembershipClaims parameter
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
Set-EntraApplication -ApplicationId $application.Id -GroupMembershipClaims 'SecurityGroup'
This command updates an application in Microsoft Entra ID.
Example 4: Update an application using IsDeviceOnlyAuthSupported parameter
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
Set-EntraApplication -ApplicationId $application.Id -IsDeviceOnlyAuthSupported $False
This command updates an application in Microsoft Entra ID.
Example 5: Update an application using Tags parameter
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
Set-EntraApplication -ApplicationId $application.Id -Tags 'mytag'
This command updates an application in Microsoft Entra ID.
Example 6: Add a role (AppRole) to an application
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -SearchString 'Contoso Helpdesk Application'
$appRole = New-Object Microsoft.Open.MSGraph.Model.AppRole
$appRole.AllowedMemberTypes = @("User", "Application")
$appRole.Description = "General role"
$appRole.DisplayName = "General"
$appRole.Id = [guid]::NewGuid()
$appRole.IsEnabled = $true
$appRole.Value = "General"
$tags = "WindowsAzureActiveDirectoryIntegratedApp"
Set-EntraApplication -ApplicationId $application.Id -AppRoles $appRole -Tags $tags
This command adds an app role to an application. To retain existing app roles, include them in your request. Any roles not included will be replaced. This object syncs with the corresponding service principal property in the tenant.
The AllowedMemberTypes can take the values:
@("User", "Application")- for users, groups and applications."User"- for users and groups."Application"- for applications.
Parameters
-Api
Specifies settings for an application that implements a web API.
Parameter properties
| Type: | ApiApplication |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ApplicationId
Specifies the ID of an application in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-AppRoles
The collection of application roles that an application might declare.
These roles can be assigned to users, groups, or service principals.
Parameter properties
| Type: | System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DisplayName
Specifies the display name.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-GroupMembershipClaims
Configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-IdentifierUris
Specifies identifier Uniform Resource Identifiers (URIs).
Parameter properties
| Type: | System.Collections.Generic.List`1[System.String] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-InformationalUrl
Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs.
The terms of service and privacy statement are surfaced to users through the user consent experience.
Parameter properties
| Type: | InformationalUrl |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-IsDeviceOnlyAuthSupported
Specifies if the application supports authentication using a device token.
Parameter properties
| Type: | System.Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-IsFallbackPublicClient
Specifies the fallback application type as public client, such as an installed application running on a mobile device.
The default value is false that means the fallback application type is confidential client such as web app.
There are certain scenarios where Microsoft Entra ID can't determine the client application type (for example, ROPC flow where it's configured without specifying a redirect URI).
In those cases Microsoft Entra ID interprets the application type based on the value of this property.
Parameter properties
| Type: | System.Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-KeyCredentials
Specifies key credentials.
Parameter properties
| Type: | System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-OptionalClaims
Application developers can configure optional claims in their Microsoft Entra ID apps to specify which claims they want in tokens sent to their application by the Microsoft security token service.
Parameter properties
| Type: | OptionalClaims |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ParentalControlSettings
Specifies parental control settings for an application.
Parameter properties
| Type: | ParentalControlSettings |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-PasswordCredentials
Specifies password credentials.
Parameter properties
| Type: | System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-PublicClient
Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.
Parameter properties
| Type: | PublicClientApplication |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-RequiredResourceAccess
Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources.
This pre-configuration of required resource access drives the consent experience.
Parameter properties
| Type: | System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-SignInAudience
Specifies what Microsoft accounts are supported for the current application.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Tags
Custom strings that can be used to categorize and identify the application.
Parameter properties
| Type: | System.Collections.Generic.List`1[System.String] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-TokenEncryptionKeyId
Specifies the keyId of a public key from the keyCredentials collection.
When configured, Microsoft Entra ID encrypts all the tokens it emits by using the key this property points to.
The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Web
Specifies settings for a web application.
Parameter properties
| Type: | WebApplication |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.