Set-EntraServicePrincipal

Module:

Microsoft.Entra.Applications Module v1.3

Updates a service principal.

Set-EntraServicePrincipal

 -ServicePrincipalId <String>
 [-KeyCredentials <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]>]
 [-Homepage <String>]
 [-AppId <String>]
 [-LogoutUrl <String>]
 [-ServicePrincipalType <String>]
 [-AlternativeNames <System.Collections.Generic.List`1[System.String]>]
 [-PasswordCredentials <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]>]
 [-PreferredSingleSignOnMode <String>]
 [-Tags <System.Collections.Generic.List`1[System.String]>]
 [-AccountEnabled <String>]
 [-ServicePrincipalNames <System.Collections.Generic.List`1[System.String]>]
 [-AppRoleAssignmentRequired <Boolean>]
 [-DisplayName <String>]
 [-ReplyUrls <System.Collections.Generic.List`1[System.String]>]
 [<CommonParameters>]

The Set-EntraServicePrincipal cmdlet updates a service principal in Microsoft Entra ID.

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -AccountEnabled $false

This example demonstrates how to update AccountEnabled of a service principal in Microsoft Entra ID.

• -ServicePrincipalId parameter specifies the ID of a service principal.
• -AccountEnabled parameter specifies indicates whether the account is enabled.

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
$homePage = 'https://*.e-days.com/SSO/SAML2/SP/AssertionConsumer.aspx?metadata=e-days|ISV9.2|primary|z'
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -Homepage $homePage

This example demonstrates how to update AppId and Homepage of a service principal in Microsoft Entra ID.

• -ServicePrincipalId parameter specifies the ID of a service principal.
• -AppId parameter specifies the application ID.
• -Homepage parameter specifies the home page or landing page of the application.

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -AlternativeNames 'Helpdesk Application Global' -DisplayName 'NewName'

This example demonstrates how to update AlternativeNames and DisplayName of a service principal in Microsoft Entra ID.

• -ServicePrincipalId parameter specifies the ID of a service principal.

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
$logoutUrl = 'https://securescore.office.com/SignOut'
$replyUrls = 'https://admin.contoso.com'
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -LogoutUrl $logoutUrl -ReplyUrls $replyUrls

This example demonstrates how to update LogoutUrl and ReplyUrls of a service principal in Microsoft Entra ID.

• -ServicePrincipalId parameter specifies the ID of a service principal.
• -LogoutUrl parameter specifies the sign out URL.
• -ReplyUrls parameter specifies the URLs that user tokens are sent to for sign in with the associated application.

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -ServicePrincipalType 'Application' -AppRoleAssignmentRequired $True

This example demonstrates how to update ServicePrincipalType and AppRoleAssignmentRequired of a service principal in Microsoft Entra ID.

• -ServicePrincipalId parameter specifies the ID of a service principal.
• -ServicePrincipalType parameter specifies the service principal type.
• -AppRoleAssignmentRequired parameter specifies indicates whether an application role assignment is required.

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
$creds = New-Object Microsoft.Open.AzureAD.Model.KeyCredential
$creds.CustomKeyIdentifier = [System.Text.Encoding]::UTF8.GetBytes('Test')
$startdate = Get-Date -Year 2024 -Month 10 -Day 10
$creds.StartDate = $startdate
$creds.Type = 'Symmetric'
$creds.Usage = 'Sign'
$creds.Value = [System.Text.Encoding]::UTF8.GetBytes('A')
$creds.EndDate = Get-Date -Year 2025 -Month 12 -Day 20
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -KeyCredentials $creds

This example demonstrates how to update KeyCredentials of a service principal in Microsoft Entra ID.

Use the New-EntraServicePrincipalPasswordCredential and Remove-EntraServicePrincipalPasswordCredential cmdlets to update the password or secret for a servicePrincipal.

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Set-EntraServicePrincipal -ServicePrincipalId $servicePrincipal.Id -PreferredSingleSignOnMode 'saml'

This example demonstrates how to update PreferredSingleSignOnMode of a service principal in Microsoft Entra ID.

• -ServicePrincipalId parameter specifies the ID of a service principal.
• -PreferredSingleSignOnMode parameter specifies the single sign-on mode configured for this application.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.