Update serviceprincipal

Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

Update the properties of serviceprincipal object.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Not supported.
Delegated (personal Microsoft account) Not supported.
Application Not supported.

HTTP request

PATCH /servicePrincipals/{id}

Request headers

Name Type Description
Authorization string Bearer {token}. Required.

Request body

In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

Property Type Description
accountEnabled Boolean true if the service principal account is enabled; otherwise, false.
appDisplayName String The display name exposed by the associated application.
appId String The unique identifier for the associated application (its appId property).
appRoleAssignmentRequired Boolean Specifies whether an appRoleAssignment to a user or group is required before Azure AD will issue a user or access token to the application. Notes: Requires version 1.5 or newer, not nullable.
appRoles appRole The application roles exposed by the associated application. For more information see the appRoles property definition on the application entity Notes: Requires version 1.5 or newer, not nullable.
displayName String The display name for the service principal.
errorUrl String
homepage String The URL to the homepage of the associated application.
keyCredentials keyCredential The collection of key credentials associated with the service principal. Notes: not nullable.
logoutUrl String Specifies the URL that will be used by Microsoft's authorization service to logout an user using front-channel, back-channel or SAML logout protocols.
oauth2Permissions oAuth2Permission The OAuth 2.0 permissions exposed by the associated application. For more information see the oauth2Permissions property definition on the application entity. Notes: Requires version 1.5 or newer, not nullable.
passwordCredentials passwordCredential The collection of password credentials associated with the service principal. Notes: not nullable.
preferredTokenSigningKeyThumbprint String Reserved for internal use only. Do not write or otherwise rely on this property. May be removed in future versions. Notes: Requires version 1.5 or newer.
publisherName String The display name of the tenant in which the associated application is specified.
replyUrls String The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application. Notes: not nullable.
samlMetadataUrl String
servicePrincipalNames String The URIs that identify the associated application. For more information see, Application Objects and Service Principal Objects. Notes: not nullable, the any operator is required for filter expressions on multi-valued properties; for more information, see Supported Queries, Filters, and Paging Options.
tags String Notes: not nullable.

Response

If successful, this method returns a 200 OK response code and updated servicePrincipal object in the response body.

Example

Request

Here is an example of the request.

PATCH https://graph.microsoft.com/beta/servicePrincipals/{id}
Content-type: application/json
Content-length: 391

{
  "accountEnabled": true,
  "addIns": [
    {
      "id": "id-value",
      "type": "type-value",
      "properties": [
        {
          "key": "key-value",
          "value": "value-value"
        }
      ]
    }
  ],
  "appDisplayName": "appDisplayName-value",
  "appId": "appId-value",
  "appOwnerOrganizationId": "appOwnerOrganizationId-value",
  "appRoleAssignmentRequired": true
}
Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 391

{
  "accountEnabled": true,
  "addIns": [
    {
      "id": "id-value",
      "type": "type-value",
      "properties": [
        {
          "key": "key-value",
          "value": "value-value"
        }
      ]
    }
  ],
  "appDisplayName": "appDisplayName-value",
  "appId": "appId-value",
  "appOwnerOrganizationId": "appOwnerOrganizationId-value",
  "appRoleAssignmentRequired": true
}