Begivenhed
9. apr., 15 - 10. apr., 12
Code the Future with AI and connect with Java peers and experts at JDConf 2025.
Tilmeld dig nuDisable user sign-in for an application
There might be situations while configuring or managing an application where you don't want tokens to be issued for an application. Or, you might want to block an application that you don't want your employees to try to access. To block user access to an application, you can disable user sign-in for the application, which prevents all tokens from being issued for that application.
In this article, you learn how to prevent users from signing in to an application in Microsoft Entra ID through both the Microsoft Entra admin center and PowerShell. If you're looking for how to block specific users from accessing an application, use user or group assignment.
To disable user sign-in, you need:
- A Microsoft Entra user account. If you don't already have one, you can Create an account for free.
- One of the following roles:
- Cloud Application Administrator
- Application Administrator
- owner of the service principal
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- Browse to Identity > Applications > Enterprise applications > All applications.
- Search for the application you want to disable a user from signing in, and select the application.
- Select Properties.
- Select No for Enabled for users to sign-in?.
- Select Save.
You might know the AppId of an app that doesn't appear on the Enterprise apps list. For example, if you delete the app or the service principal isn't yet created because Microsoft preauthorizes it. You can manually create the service principal for the app and then disable it by using the following Microsoft Entra PowerShell cmdlet.
Ensure you install the Microsoft Entra PowerShell module. In case you're prompted to install a NuGet module or the new Microsoft Entra PowerShell V2 module, type Y and press ENTER. You need to sign in as at least a Cloud Application Administrator.
PowerShell
# Connect to Microsoft Entra PowerShell
Connect-Entra -scopes "Application.ReadWrite.All"
# The AppId of the service principal to be disabled
$appId = "{AppId}"
# Disable the service principal
$servicePrincipal = Get-EntraServicePrincipal -Filter "appId eq '$appId'"
Set-EntraServicePrincipal -ObjectId $servicePrincipal.ObjectId -AccountEnabled $false
You might know the AppId of an app that doesn't appear on the Enterprise apps list. For example, if you delete the app or the service principal isn't yet created due to the app because Microsoft preauthorizes it. You can manually create the service principal for the app and then disable it by using the following Microsoft Graph PowerShell cmdlet.
Ensure you install the Microsoft Graph module (use the command Install-Module Microsoft.Graph). You need to sign in as at least a Cloud Application Administrator.
PowerShell
# Connect to Microsoft Graph PowerShell
Connect-MgGraph -Scopes "Application.ReadWrite.All"
# Get the AppId of the service principal to be disabled
$appId = "{AppId}"
$servicePrincipal = Get-MgServicePrincipal -Filter "appId eq '$appId'"
# Disable the service principal
Update-MgServicePrincipal -ServicePrincipalId $servicePrincipal.Id -AccountEnabled:$false
You might know the AppId of an app that doesn't appear on the Enterprise apps list. For example, if you delete the app or the service principal isn't yet created due to the app because Microsoft preauthorizes it. You can manually create the service principal for the app and then disable it by using the following Microsoft Graph call.
To disable sign-in to an application, sign in to Graph Explorer as at least a Cloud Application Administrator.
You need to consent to the Application.ReadWrite.All permission.
Run the following query to disable user sign-in to an application.
HTTP
PATCH https://graph.microsoft.com/v1.0/servicePrincipals/00001111-aaaa-2222-bbbb-3333cccc4444
Content-type: application/json
{
"accountEnabled": false
}
Yderligere ressourcer
Træning
Modul
Manage Microsoft Entra application access - Training
This module focuses on effectively managing identities and enhancing security in Microsoft Enterprise Identity, ensuring that users, groups, and external identities are protected against security threats and unauthorized access.
Certificering
Microsoft Certified: Associate for identitets- og adgangsadministrator - Certifications
Demonstrer funktionerne i Microsoft Entra ID for at modernisere identitetsløsninger, implementere hybridløsninger og implementere identitetsstyring.