diff --git a/scripts/create-pcs.sh b/scripts/create-pcs.sh
new file mode 100755
index 0000000..8b2a10e
--- /dev/null
+++ b/scripts/create-pcs.sh
@@ -0,0 +1,121 @@
+#!/usr/bin/env bash
+
+# Create the PCA for loggin in to Entra ID
+function usage() {
+  echo "Usage: $0 [options]"
+  echo "Options:"
+  echo "  -n, --app-name <name>  Application display name (required)"
+  echo "  -h, --help    Show this help message and exit"
+}
+
+function main() {
+    local APP_NAME=""
+    while [[ $# -gt 0 ]]; do
+        case "$1" in
+            -h|--help)
+            usage
+            echo "Options:"
+            echo "  -h, --help    Show this help message and exit"
+            exit 0
+            ;;
+            -n|--app-name)
+            APP_NAME="$2"
+            shift 2
+            ;;
+            -*)
+            echo "Unknown option: $1"
+            echo "Use -h or --help for usage information."
+            exit 1
+            ;;
+            *) # Leave the rest of the arguments for the script to process
+            break
+            ;;
+        esac
+    done
+
+    if [[ -z "$APP_NAME" ]]; then
+        echo "Error: Application name is required."
+        usage
+        exit 1
+    fi
+
+    # Find the app by name
+    APP_ID=$(az ad app list --display-name "$APP_NAME" --query "[0].appId" -o tsv)
+    if [[ -n "$APP_ID" ]]; then
+        echo "Error: Application '$APP_NAME' already exists."
+        exit 1
+    fi
+
+    # Create the app
+    APP_ID=$(az ad app create --display-name "$APP_NAME" --query "appId" -o tsv)
+    if [[ -z "$APP_ID" ]]; then
+        echo "Error: Failed to create application '$APP_NAME'."
+        exit 1
+    fi
+
+    local M365_GRAPH_APP_ID="00000003-0000-0000-c000-000000000000"
+    local M365_GRAPH_SCOPE_ID="0e263e50-5827-48a4-b97c-d940288653c7"
+    local AZURE_SERVICE_MGMT_APP_ID="797f4846-ba00-4fd7-ba43-dac1f8f63013"
+    local AZURE_SERVICE_MGMT_SCOPE_ID="41094075-9dad-400e-a0bd-54e686782033"
+    local AZURE_DEVOPS_APP_ID="499b84ac-1321-427f-aa17-267ca6975798"
+    local AZURE_DEVOPS_SCOPE_ID="ee69721e-6c3a-468f-a9ec-302d16a4c599"
+
+    local REQUIRED_RESOURCE_ACCESS_JSON
+    REQUIRED_RESOURCE_ACCESS_JSON=$(cat <<EOF
+[
+  {
+    "resourceAppId": "${M365_GRAPH_APP_ID}",
+    "resourceAccess": [
+      {
+        "id": "${M365_GRAPH_SCOPE_ID}",
+        "type": "Scope"
+      }
+    ]
+  },
+  {
+    "resourceAppId": "${AZURE_DEVOPS_APP_ID}",
+    "resourceAccess": [
+      {
+        "id": "${AZURE_DEVOPS_SCOPE_ID}",
+        "type": "Scope"
+      }
+    ]
+  },
+  {
+    "resourceAppId": "${AZURE_SERVICE_MGMT_APP_ID}",
+    "resourceAccess": [
+      {
+        "id": "${AZURE_SERVICE_MGMT_SCOPE_ID}",
+        "type": "Scope"
+      }
+    ]
+  }
+]
+EOF
+)
+
+    local PUBLIC_CLIENT_REDIRECT_URIS_JSON
+    PUBLIC_CLIENT_REDIRECT_URIS_JSON=$(cat <<EOF
+[
+  "http://localhost",
+  "msal${APP_ID}://auth"
+]
+EOF
+)
+
+    # Configure app to match "Azure Node Playground Public".
+    az ad app update \
+      --id "$APP_ID" \
+      --set signInAudience=AzureADMyOrg \
+            isFallbackPublicClient=true \
+            requiredResourceAccess="$REQUIRED_RESOURCE_ACCESS_JSON" \
+            publicClient.redirectUris="$PUBLIC_CLIENT_REDIRECT_URIS_JSON" \
+            web.implicitGrantSettings.enableAccessTokenIssuance=true \
+            web.implicitGrantSettings.enableIdTokenIssuance=true \
+      1>/dev/null
+
+    echo "Created application '$APP_NAME'"
+    echo "appId: $APP_ID"
+}
+
+main "$@"
diff --git a/scripts/get-full-app-info.sh b/scripts/get-full-app-info.sh
new file mode 100755
index 0000000..610d6fe
--- /dev/null
+++ b/scripts/get-full-app-info.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+APP_NAME="$1"
+
+APP_ID=$(az ad app list --display-name "$APP_NAME" --query "[0].appId" -o tsv)
+az ad app show --id "$APP_ID" -o json