Did you ever want to create Azure AD applications from their manifest? Now you can with CLI for Microsoft 365.
Recently, I wrote about how CLI for Microsoft 365 simplifies creating Azure AD apps. With just one command, you can create a new Azure AD app registration configured with the necessary authentication settings, API permissions and more.
When you build apps on Microsoft 365, you need an Azure AD app registration for your app. The app registration represents your app on the Microsoft cloud and defines the authentication capabilities and API permissions of your app.
Because Azure AD apps play such an important role, we thought that we should simplify creating them, so that you can focus on building your app. If you script deploying your app, whether across different environments or for sharing within your team, CLI for Microsoft 365 lets you include the creation of the Azure AD app registration while keeping your script simple.
With CLI for Microsoft 365, we brought down creating Azure AD apps to just one command. But we didn't stop there.
When building apps for Microsoft 365, you typically start by creating an Azure AD app registration. Without it, your app won't be able to connect to Microsoft 365. While developing your app, the easiest way to create and configure your Azure AD app is through the Azure Portal.
The Azure Portal lets you easily create the app registration and configure it to match your needs. But then what? How do you share this configuration with your fellow developers or customers?
In CLI for Microsoft 365 v3.9 (available as preview when writing this article), we introduced support for creating Azure AD app registrations from their manifest. After you have created and configured the Azure AD app registration in the Azure Portal, go to the Manifest tab, copy the manifest's contents and save them to a file in your project.
Next, after signing in to the tenant where you want to create your app, execute:
m365 aad app add --manifest @manifest.json
That's it. CLI for Microsoft 365 will take the manifest you specified and create a new Azure AD app registration with the specified configuration. If you prefer to separate configuration from code, you'll love this approach!
There are some limitations related to creating Azure AD apps from the manifest that you should take into account.
First, if you granted your Azure AD app permissions to custom APIs that are registered in one directory, their IDs will likely be different when you create the app registration in another directory. You can work around this by removing the tenant-specific API permissions from the manifest and granting them using the apisDelegated option, like:
m365 aad app add --manifest @manifest.json --apisDelegated 'https://contoso.microsoft.com/App.Read'
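One way to prepare the manifest for this workaround, as an added example that is not part of the original article or of CLI for Microsoft 365: the Node.js helper below keeps only the permissions for APIs whose resource app ID is the same in every tenant and reports the rest, so you can grant them with apisDelegated. The function names, the allowlist (only Microsoft Graph's well-known ID) and the sample manifest are assumptions.

```javascript
// Added example: split a portal-exported manifest's API permissions into
// portable ones and tenant-specific ones before saving it to the project.

// Assumption: resource app IDs that are identical in every tenant.
// Only Microsoft Graph is listed; extend it for other first-party APIs you use.
const WELL_KNOWN_RESOURCES = new Set([
  '00000003-0000-0000-c000-000000000000' // Microsoft Graph
]);

// Returns a cleaned copy of the manifest plus the entries that were removed.
// The input object is not modified.
function splitTenantSpecificPermissions(manifest, wellKnown = WELL_KNOWN_RESOURCES) {
  const all = Array.isArray(manifest.requiredResourceAccess)
    ? manifest.requiredResourceAccess : [];
  const portable = [];
  const removed = [];
  for (const entry of all) {
    const id = String(entry.resourceAppId || '').toLowerCase();
    (wellKnown.has(id) ? portable : removed).push(entry);
  }
  return { manifest: { ...manifest, requiredResourceAccess: portable }, removed };
}

// Summarise removed entries: type "Scope" is a delegated permission,
// type "Role" is an application permission.
function describeRemoved(removed) {
  return removed.map(e => ({
    resourceAppId: e.resourceAppId,
    delegated: (e.resourceAccess || []).filter(a => a.type === 'Scope').map(a => a.id),
    application: (e.resourceAccess || []).filter(a => a.type === 'Role').map(a => a.id)
  }));
}

// Constructed sample manifest: every ID except Microsoft Graph's is made up.
const sampleManifest = {
  name: 'My app',
  requiredResourceAccess: [
    { resourceAppId: '00000003-0000-0000-c000-000000000000',
      resourceAccess: [{ id: '99999999-8888-7777-6666-555555555555', type: 'Scope' }] },
    { resourceAppId: '11111111-2222-3333-4444-555555555555',
      resourceAccess: [{ id: 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee', type: 'Scope' }] }
  ]
};

const result = splitTenantSpecificPermissions(sampleManifest);
console.log(JSON.stringify(describeRemoved(result.removed), null, 2));
```

The report also makes it easy to review which permissions the shared manifest requests before anyone creates an app from it.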
Another thing to consider is that the manifest you copy from the Azure Portal contains some properties that are not supported by Microsoft Graph, which we use to create the app. The command automatically removes them from the manifest so that it can create the app registration, but some settings will be missing in the created app.
Since we've just introduced this functionality in the v3.9 beta version of CLI for Microsoft 365, we'd love for you to give it a try and tell us what you think. Does it work? Are we missing something important? Is there anything that we should reconsider?
To see what's possible, see the command's docs. Looking forward to hearing from you.