Written by

Arut Selvan




see all categories
intranet as a service

How to register/unregister SharePoint add-ins using PowerShell

Suppose, you would like to have the remote components of a provider-hosted SharePoint Add-in to interact with SharePoint using OAuth, what should you do? You should first register with the Azure ACS cloud-based service and the SharePoint App Management Service of the tenancy or farm. Let us now dive straight into how to register/unregister SharePoint add-ins.

To register an app into office 365 tenancy we use the layouts/appregnew.aspx page which is a standard old way of doing it. But, I thought there should be some smarter way to do it. After much research, I got a scenario to automate this process using a deployment package. I was searching for a while in the internet and got few stuffs like updating expiring Client Secret etc. More on that here: https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in

I have used MSOLService from AzureAD powershell package to register the SharePoint Add-in Office365 tenancy. Here is how to register an Add-in.

  1. Download the AzureAD powershell package from this link.
  2. Run the below PS Script after mentioning the Client ID, app name, app domain and the app redirect URL.
  3. Provide your Global administrator username and password while connecting to MSOLService.

$bytes = New-Object Byte[] 32

$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()



$newClientSecret = [System.Convert]::ToBase64String($bytes)



$appName="Your App Name"

$servicePrincipalName = @("$clientID/$appDomain")

$dtStart = [System.DateTime]::Now

$dtEnd = $dtStart.AddYears(3)


New-MsolServicePrincipal -ServicePrincipalNames $servicePrincipalName -AppPrincipalId $clientID -DisplayName $appName -Type Symmetric -Usage Verify -Value $newClientSecret -Addresses (New-MsolServicePrincipalAddresses -Address $appUrl) -StartDate $dtStart  –EndDate $dtEnd

New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart  –EndDate $dtEnd

New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart  –EndDate $dtEnd

To unregister the Add-in you can use the below script. Make sure that you are providing the global admin credentials as we already gave while registering.


$appPrincipal = Get-MsolServicePrincipal -ServicePrincipalName $clientID
Remove-MsolServicePrincipal -ObjectId $appPrincipal.ObjectId

Hope you find this little trick useful. Let me know your thoughts, and if you are held up somewhere, don’t feel shy to ask. I am here available for you in the comments section below.

Arut Selvan

Written by Arut Selvan

A technology enthusiast keen in learning & exploring new Microsoft technologies. Predominantly working on Microsoft 365, SharePoint & Azure. Currently working with "Hubfly - A unified digital workplace" as a Product Engineer, Arut brings in the new flavors of the technology to the product. He ensures we are always on the edge in our technology stack. He brings in innovation to the product with his out of the box thinking. He is also a Microsoft certified professional.