Microsoft is phasing out multi-tenant application authentication in directories without registered service principals (SPs). This article covers automated discovery and remediation using PowerShell and Microsoft Graph API.
Key Commands & Scripts
1. Find Apps Missing Service Principals
Get-MgBetaAuditLogSignIn -Filter "signInEventTypes/any(t: t eq 'servicePrincipal') and servicePrincipalId eq '00000000-0000-0000-0000-000000000000'" | Out-GridView -PassThru | ForEach-Object {New-MgBetaServicePrincipal -AppId $_.appId}
2. Automate SP Registration & Log Remediation
Nathan McNulty’s GitHub script automates SP registration and logs remediation steps:
# The GitHub "blob" URL returns the repository's HTML page, not the script; the raw.githubusercontent.com form returns the file itself.
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/nathanmcnulty/nathanmcnulty/master/Entra/fix-sp-less-apps.ps1" -OutFile "fix-sp-less-apps.ps1"
.\fix-sp-less-apps.ps1
This script also generates a log with commands to remove unwanted SPs.
3. Query Microsoft Graph for SP-less Sign-Ins
(Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/auditLogs/signIns?`$filter=signInEventTypes/any(t:t eq 'servicePrincipal') and servicePrincipalId eq '00000000-0000-0000-0000-000000000000'&`$top=1").value
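The three steps above combined into one idempotent pass, as an added example that is not from the original post or from Nathan McNulty's script: it pages through the beta signIns endpoint (the single-line query above returns only one page), collapses the results to distinct appIds, skips apps that already gained an SP, registers the rest, and writes the matching Remove command to a log. It assumes an existing Connect-MgGraph session with AuditLog.Read.All, Directory.Read.All and Application.ReadWrite.All; the $LogPath parameter and -WhatIf support are this example's own.

```powershell
# Added example (not the original post's or Nathan McNulty's code).
# Assumes Connect-MgGraph has already been run with the permissions named in the lead-in.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$LogPath = ".\output.txt"   # assumed name, matches the log file the post mentions
)

# Sign-ins from an app that has no service principal carry the all-zero servicePrincipalId.
$filter = "signInEventTypes/any(t:t eq 'servicePrincipal') and " +
          "servicePrincipalId eq '00000000-0000-0000-0000-000000000000'"
$uri = "https://graph.microsoft.com/beta/auditLogs/signIns?`$filter=$filter&`$top=100"

# Follow @odata.nextLink so a busy tenant is not truncated after the first page.
$signIns = @()
do {
    $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
    $signIns += $page.value
    $uri = $page.'@odata.nextLink'
} while ($uri)

# One app can sign in thousands of times; reduce the log entries to one record per appId.
$byApp = @{}
foreach ($s in $signIns) {
    if (-not $byApp.ContainsKey($s.appId)) {
        $byApp[$s.appId] = [pscustomobject]@{
            AppId = $s.appId; DisplayName = $s.appDisplayName; SignIns = 0
        }
    }
    $byApp[$s.appId].SignIns++
}

foreach ($app in $byApp.Values) {
    # Skip apps that already received an SP after the sign-in was recorded (re-runnable).
    if (Get-MgBetaServicePrincipal -Filter "appId eq '$($app.AppId)'") { continue }

    if ($PSCmdlet.ShouldProcess($app.DisplayName, "New-MgBetaServicePrincipal")) {
        $sp = New-MgBetaServicePrincipal -AppId $app.AppId
        # Record what was created and the exact command that undoes it.
        $line = "$(Get-Date -Format o) created SP $($sp.Id) for '$($app.DisplayName)' " +
                "($($app.AppId)); $($app.SignIns) SP-less sign-ins. Undo: " +
                "Remove-MgBetaServicePrincipal -ServicePrincipalId $($sp.Id)"
        Add-Content -Path $LogPath -Value $line
    }
}
```

Run it once with -WhatIf to see which apps would be registered before creating anything; each created SP then appears in the Conditional Access app picker.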
You Should Know:
- Why This Matters: Apps signing in without a registered SP can bypass Conditional Access policies.
- Conditional Access: After registration, apps appear in the Conditional Access app picker.
- Audit Logs: SP-less sign-ins may appear in interactive logs, not just SP-specific ones.
Expected Output:
- A list of apps missing SPs.
- Automated registration logs in output.txt.
- Remediation commands for cleanup.
What Undercode Say
Managing service principals is critical for securing multi-tenant apps. Automation reduces misconfigurations and ensures compliance. Additional useful commands:
Linux/Mac (via Azure CLI)
az ad sp list --query "[?appId=='YOUR_APP_ID']"
az ad sp create --id "APP_ID"
Windows (PowerShell)
Get-AzADServicePrincipal | Where-Object { $_.DisplayName -like "TargetApp" }
New-AzADServicePrincipal -ApplicationId "APP_ID"
Graph API (Alternative Query)
GET https://graph.microsoft.com/v1.0/servicePrincipals?$filter=appId eq 'APP_ID'
Conclusion
Automating SP registration closes security gaps and ensures audit readiness. Test scripts in non-production tenants first.
Expected Output:
- Secure multi-tenant app authentication.
- Logged remediation steps.
- Improved Conditional Access coverage.
Reported By: Nathanmcnulty Remove – Hackers Feeds