AADApplication: Creating enterprise apps and associated SPN from the gallery

microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations

https://aka.ms/M365DSC

MIT License

1.47k stars 448 forks source link

AADApplication: Creating enterprise apps and associated SPN from the gallery #4431

Open adhodgson1 opened 4 months ago

adhodgson1 commented 4 months ago

I want to use the AADApplication resource to create enterprise apps in a tenant which use the gallery template. For example, to allow people to sign into services like GitHub, Zoom etc. I think we would need the ApplicationTemplateId parameter, but is there anything else we need to allow us to create such applications using DSC? Thanks.

adhodgson1 commented 3 months ago

I modified the AADApplication resource to add the missing applicationTemplateId field using the New-MGApplication cmdlet. However when creating an application I get access denied.

Investigating this further I discovered that if you want to create an application from a gallery template we need to use the Invoke-MgInstantiateApplicationTemplate cmdlet instead.

I have tested this locally and this seems to be the way to go, my question is should this be implemented as a new resource?

adhodgson1 commented 3 months ago

Example of this functionality can be viewed here: https://github.com/orgs/msgraph/discussions/57