Introduction:
This post goes over three different ways to add an owner to an Azure AD Application: Azure AD PowerShell, the Azure AD Graph API, and the Microsoft Graph endpoint. The Microsoft Graph documentation may not make it clear that an Application owner can be either a User object or a Service Principal object.
Various techniques to add an Application Owner:
Azure AD PowerShell:
Use the Azure AD PowerShell cmdlet Add-AzureADApplicationOwner. Below is an example:
# Prerequisite: you may need to run Install-Module -Name AzureADPreview to install the AzureADPreview module first,
# then sign in with Connect-AzureAD before running the commands below
$AppObj = (Get-AzureADApplication -Filter "DisplayName eq 'DeleteMe'").ObjectId
$UserObj = (Get-AzureADUser -ObjectId xyz@tenant.onmicrosoft.com).ObjectId
Write-Output 'Get Application Owner list before adding owner...'
Get-AzureADApplicationOwner -ObjectId $AppObj
Add-AzureADApplicationOwner -ObjectId $AppObj -RefObjectId $UserObj
Write-Output 'Get Application Owner list after adding owner...'
Get-AzureADApplicationOwner -ObjectId $AppObj
Azure AD Graph API:
Request:
# Directory ID can be obtained from the Azure portal -> Azure Active Directory -> Properties -> Directory ID
Request Header:
Content-Type: application/json
Request payload:
{
"url": "https://graph.windows.net/<Directory ID>/directoryObjects/<Object ID>"
}
Note: the Object ID above can be either a User Object ID or a Service Principal Object ID.
Microsoft Graph API:
Request:
POST https://graph.microsoft.com/beta/applications/<Application Object ID>/owners/$ref
Request Header:
Content-Type: application/json
Request payload:
# for a User object:
{
"@odata.id": "https://graph.microsoft.com/beta/users/<User Object ID>"
}
# for a Service Principal object:
{
"@odata.id": "https://graph.microsoft.com/beta/servicePrincipals/<Service Principal Object ID>"
}
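As an added example (not code from the original post), the helper below builds the Microsoft Graph owners/$ref request shown above for either owner kind, and splits an owners listing into user and service principal owners so that a review does not overlook service principal owners. It assumes the beta endpoint and the "@odata.type" annotation Graph returns on directoryObject collections; the GUIDs in the sample listing are constructed placeholders.

```python
import json
import uuid

GRAPH = "https://graph.microsoft.com/beta"

# Owner kind -> collection named in the @odata.id reference.
OWNER_COLLECTIONS = {"user": "users", "servicePrincipal": "servicePrincipals"}


def build_add_owner_request(app_object_id, owner_object_id, owner_kind):
    """Return (method, url, headers, body) for POST /applications/{id}/owners/$ref.

    Object IDs are validated as GUIDs so a malformed value fails here
    rather than as a confusing 400 from Graph.
    """
    for oid in (app_object_id, owner_object_id):
        uuid.UUID(oid)  # raises ValueError on anything that is not a GUID
    if owner_kind not in OWNER_COLLECTIONS:
        raise ValueError(f"owner_kind must be one of {sorted(OWNER_COLLECTIONS)}")
    url = f"{GRAPH}/applications/{app_object_id}/owners/$ref"
    body = {"@odata.id": f"{GRAPH}/{OWNER_COLLECTIONS[owner_kind]}/{owner_object_id}"}
    return "POST", url, {"Content-Type": "application/json"}, json.dumps(body)


def classify_owners(owners_page):
    """Split one page of GET /applications/{id}/owners into users, service principals, other.

    Service principal owners hold the same rights over the registration as
    user owners, so a review that only lists users misses them.
    """
    result = {"users": [], "servicePrincipals": [], "other": []}
    for obj in owners_page.get("value", []):
        kind = obj.get("@odata.type", "")
        if kind == "#microsoft.graph.user":
            result["users"].append(obj["id"])
        elif kind == "#microsoft.graph.servicePrincipal":
            result["servicePrincipals"].append(obj["id"])
        else:
            result["other"].append(obj["id"])
    return result


# Constructed sample owners listing; the IDs are made-up placeholders.
SAMPLE_OWNERS = {
    "value": [
        {"@odata.type": "#microsoft.graph.user", "id": "11111111-1111-1111-1111-111111111111",
         "userPrincipalName": "xyz@tenant.onmicrosoft.com"},
        {"@odata.type": "#microsoft.graph.servicePrincipal",
         "id": "22222222-2222-2222-2222-222222222222", "displayName": "automation-sp"},
    ]
}
```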
References:
https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/application_post_owners
https://github.com/microsoftgraph/microsoft-graph-docs/issues/1645