Set-EntraApplication

Updates the properties of an application object.

Syntax

Set-EntraApplication
   -ApplicationId <String>
   [-PasswordCredentials <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]>]
   [-TokenEncryptionKeyId <String>]
   [-SignInAudience <String>]
   [-KeyCredentials <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]>]
   [-ParentalControlSettings <ParentalControlSettings>]
   [-IdentifierUris <System.Collections.Generic.List`1[System.String]>]
   [-AppRoles <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]>]
   [-PublicClient <PublicClientApplication>]
   [-InformationalUrl <InformationalUrl>]
   [-Tags <System.Collections.Generic.List`1[System.String]>]
   [-Api <ApiApplication>]
   [-OptionalClaims <OptionalClaims>]
   [-GroupMembershipClaims <String>]
   [-Web <WebApplication>]
   [-DisplayName <String>]
   [-IsFallbackPublicClient <Boolean>]
   [-IsDeviceOnlyAuthSupported <Boolean>]
   [-RequiredResourceAccess <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]>]
   [<CommonParameters>]

Description

Updates the properties of an application object.

Examples

Example 1: Update an application

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
$params = @{
    ApplicationId = $application.Id
    DisplayName = 'Contoso Entra PowerShell App Production'
    IdentifierUris = 'https://contoso.com'
    GroupMembershipClaims = 'SecurityGroup'
    IsDeviceOnlyAuthSupported = $False
    Tags = 'mytag'
}
Set-EntraApplication @params

This command updates an application in Microsoft Entra ID.

Example 2: Update an application using IdentifierUris parameter

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
Set-EntraApplication -ApplicationId $application.Id -IdentifierUris 'https://mynewapp.contoso.com'

This command updates an application in Microsoft Entra ID.

Example 3: Update an application using GroupMembershipClaims parameter

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
Set-EntraApplication -ApplicationId $application.Id -GroupMembershipClaims 'SecurityGroup'

This command updates an application in Microsoft Entra ID.

Example 4: Update an application using IsDeviceOnlyAuthSupported parameter

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
Set-EntraApplication -ApplicationId $application.Id -IsDeviceOnlyAuthSupported $False

This command updates an application in Microsoft Entra ID.

Example 5: Update an application using Tags parameter

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
Set-EntraApplication -ApplicationId $application.Id -Tags 'mytag'

This command updates an application in Microsoft Entra ID.

Parameters

-Api

Specifies settings for an application that implements a web API.

Type:ApiApplication
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ApplicationId

Specifies the ID of an application in Microsoft Entra ID.

Type:System.String
Aliases:ObjectId
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-AppRoles

The collection of application roles that an application might declare.

These roles can be assigned to users, groups, or service principals.

Type:System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

Specifies the display name.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-GroupMembershipClaims

Configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IdentifierUris

Specifies identifier Uniform Resource Identifiers (URIs).

Type:System.Collections.Generic.List`1[System.String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InformationalUrl

Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs.

The terms of service and privacy statement are surfaced to users through the user consent experience.

Type:InformationalUrl
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IsDeviceOnlyAuthSupported

Specifies if the application supports authentication using a device token.

Type:System.Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IsFallbackPublicClient

Specifies the fallback application type as public client, such as an installed application running on a mobile device.

The default value is false that means the fallback application type is confidential client such as web app.

There are certain scenarios where Microsoft Entra ID can't determine the client application type (for example, ROPC flow where it's configured without specifying a redirect URI).

In those cases Microsoft Entra ID interprets the application type based on the value of this property.

Type:System.Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyCredentials

Specifies key credentials.

Type:System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-OptionalClaims

Application developers can configure optional claims in their Microsoft Entra ID apps to specify which claims they want in tokens sent to their application by the Microsoft security token service.

Type:OptionalClaims
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ParentalControlSettings

Specifies parental control settings for an application.

Type:ParentalControlSettings
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PasswordCredentials

Specifies password credentials.

Type:System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PublicClient

Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.

Type:PublicClientApplication
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequiredResourceAccess

Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources.

This pre-configuration of required resource access drives the consent experience.

Type:System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SignInAudience

Specifies what Microsoft accounts are supported for the current application.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Tags

Custom strings that can be used to categorize and identify the application.

Type:System.Collections.Generic.List`1[System.String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TokenEncryptionKeyId

Specifies the keyId of a public key from the keyCredentials collection.

When configured, Microsoft Entra ID encrypts all the tokens it emits by using the key this property points to.

The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Web

Specifies settings for a web application.

Type:WebApplication
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Boolean

Microsoft.Open.MSGraph.Model.ApiApplication

Microsoft.Open.MSGraph.Model.InformationalUrl

Microsoft.Open.MSGraph.Model.OptionalClaims

Microsoft.Open.MSGraph.Model.ParentalControlSettings

Microsoft.Open.MSGraph.Model.PublicClientApplication

Microsoft.Open.MSGraph.Model.WebApplication

String

System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AddIn]

System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]

System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]

System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]

System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]

System.Collections.Generic.List`1[System.String]

System.Nullable`1[System.Boolean]