Set-EntraServicePrincipal
Updates a service principal.
Syntax
Default (Default)
Set-EntraServicePrincipal
-ServicePrincipalId <String>
[-KeyCredentials <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]>]
[-Homepage <String>]
[-AppId <String>]
[-LogoutUrl <String>]
[-ServicePrincipalType <String>]
[-AlternativeNames <System.Collections.Generic.List`1[System.String]>]
[-PasswordCredentials <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]>]
[-PreferredSingleSignOnMode <String>]
[-Tags <System.Collections.Generic.List`1[System.String]>]
[-AccountEnabled <String>]
[-ServicePrincipalNames <System.Collections.Generic.List`1[System.String]>]
[-AppRoleAssignmentRequired <Boolean>]
[-DisplayName <String>]
[-ReplyUrls <System.Collections.Generic.List`1[System.String]>]
[<CommonParameters>]
Description
The Set-EntraServicePrincipal cmdlet updates a service principal in Microsoft Entra ID.
Examples
Example 1: Disable the account of a service principal
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -AccountEnabled $false
This example demonstrates how to update AccountEnabled of a service principal in Microsoft Entra ID.
-ServicePrincipalIdparameter specifies the ID of a service principal.-AccountEnabledparameter specifies indicates whether the account is enabled.
Example 2: Update Homepage of a service principal
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
$homePage = 'https://*.e-days.com/SSO/SAML2/SP/AssertionConsumer.aspx?metadata=e-days|ISV9.2|primary|z'
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -Homepage $homePage
This example demonstrates how to update AppId and Homepage of a service principal in Microsoft Entra ID.
-ServicePrincipalIdparameter specifies the ID of a service principal.-AppIdparameter specifies the application ID.-Homepageparameter specifies the home page or landing page of the application.
Example 3: Update AlternativeNames and DisplayName of a service principal
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -AlternativeNames 'Helpdesk Application Global' -DisplayName 'NewName'
This example demonstrates how to update AlternativeNames and DisplayName of a service principal in Microsoft Entra ID.
-ServicePrincipalIdparameter specifies the ID of a service principal.
Example 4: Update LogoutUrl and ReplyUrls of a service principal
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
$logoutUrl = 'https://securescore.office.com/SignOut'
$replyUrls = 'https://admin.contoso.com'
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -LogoutUrl $logoutUrl -ReplyUrls $replyUrls
This example demonstrates how to update LogoutUrl and ReplyUrls of a service principal in Microsoft Entra ID.
-ServicePrincipalIdparameter specifies the ID of a service principal.-LogoutUrlparameter specifies the sign out URL.-ReplyUrlsparameter specifies the URLs that user tokens are sent to for sign in with the associated application.
Example 5: Update ServicePrincipalType and AppRoleAssignmentRequired of a service principal
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -ServicePrincipalType 'Application' -AppRoleAssignmentRequired $True
This example demonstrates how to update ServicePrincipalType and AppRoleAssignmentRequired of a service principal in Microsoft Entra ID.
-ServicePrincipalIdparameter specifies the ID of a service principal.-ServicePrincipalTypeparameter specifies the service principal type.-AppRoleAssignmentRequiredparameter specifies indicates whether an application role assignment is required.
Example 6: Update KeyCredentials of a service principal
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
$creds = New-Object Microsoft.Open.AzureAD.Model.KeyCredential
$creds.CustomKeyIdentifier = [System.Text.Encoding]::UTF8.GetBytes('Test')
$startdate = Get-Date -Year 2024 -Month 10 -Day 10
$creds.StartDate = $startdate
$creds.Type = 'Symmetric'
$creds.Usage = 'Sign'
$creds.Value = [System.Text.Encoding]::UTF8.GetBytes('A')
$creds.EndDate = Get-Date -Year 2025 -Month 12 -Day 20
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -KeyCredentials $creds
This example demonstrates how to update KeyCredentials of a service principal in Microsoft Entra ID.
Use the New-EntraServicePrincipalPasswordCredential and Remove-EntraServicePrincipalPasswordCredential cmdlets to update the password or secret for a servicePrincipal.
Example 7: Update PreferredSingleSignOnMode of a service principal
Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -PreferredSingleSignOnMode 'saml'
This example demonstrates how to update PreferredSingleSignOnMode of a service principal in Microsoft Entra ID.
-ServicePrincipalIdparameter specifies the ID of a service principal.-PreferredSingleSignOnModeparameter specifies the single sign-on mode configured for this application.
Parameters
-AccountEnabled
Indicates whether the account is enabled.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-AlternativeNames
The alternative names for this service principal.
Parameter properties
| Type: | System.Collections.Generic.List`1[System.String] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-AppId
Specifies the application ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-AppRoleAssignmentRequired
Indicates whether an application role assignment is required.
Parameter properties
| Type: | System.Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DisplayName
Specifies the display name.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Homepage
Specifies the home page or landing page of the application.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-KeyCredentials
Specifies key credentials.
Parameter properties
| Type: | System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-LogoutUrl
Specifies the sign out URL.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-PasswordCredentials
Specifies password credentials.
Parameter properties
| Type: | System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-PreferredSingleSignOnMode
Specifies the single sign-on mode configured for this application. Microsoft Entra ID uses the preferred single sign-on mode to launch the application from Microsoft 365 or the My Apps portal. The supported values are password, saml, notSupported, and oidc.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ReplyUrls
The URLs that user tokens are sent to for sign in with the associated application, or the redirect Uniform Resource Identifiers that OAuth 2.0 authorization codes and access tokens are sent to for the associated application.
Parameter properties
| Type: | System.Collections.Generic.List`1[System.String] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ServicePrincipalId
Species the ID of a service principal in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-ServicePrincipalNames
Specifies service principal names.
Parameter properties
| Type: | System.Collections.Generic.List`1[System.String] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ServicePrincipalType
The service principal type.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Tags
Specifies an array of tags.
If you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}.
Parameter properties
| Type: | System.Collections.Generic.List`1[System.String] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.