Need help on Microsoft Graph API filter with application's passwordCredentials keyId

Liju P Nandanan 21 Reputation points
2022-11-24T11:49:20.087+00:00

I am trying to search the app registration key and expiry details with the Microsoft Graph API. I am able to list the details with app id / display name:

https://graph.microsoft.com/v1.0/applications?$select=appId,displayName,passwordCredentials,keyCredentials&$filter=appId in ('32339278-4ba9-*****-***-********')

and the result is as follows:

{
  "appId": "32339278-4ba9-*****-***-********",
  "displayName": "LijuDemoAppRegistration",
  "passwordCredentials": [
    {
      "customKeyIdentifier": null,
      "displayName": "DemoAppClientSecret",
      "endDateTime": "2022-12-28T05:50:43.493Z",
      "hint": "Z5K",
      "keyId": "11fcdf34-**xxxx-4d6f-b4c1-************",
      "secretText": null,
      "startDateTime": "2022-09-28T05:50:43.493Z"
    }
  ],
  "keyCredentials": []
}

Is there any way I can filter this with keyId instead of appId?


Accepted answer
  1. Harpreet Singh Matharoo 8,396 Reputation points Microsoft Employee Moderator
    2022-11-24T12:31:43.623+00:00

    Hello @Liju P Nandanan

    Thank you for reaching out. I would like to confirm that querying an app using keyId would be very difficult using the Graph API, since passwordCredentials is a complex attribute which additionally contains various multi-valued properties. Within Graph Explorer or a Graph query, if you try to expand passwordCredentials and filter using keyId, you might get an error stating "Parsing OData Select and Expand failed: Property 'passwordCredentials' on type 'microsoft.graph.application' is not a navigation property or complex property. Only navigation properties can be expanded".

    The easiest way to query an Azure AD application using keyId would be to use Microsoft Graph PowerShell. You can refer to the following commands, which can give you the desired output:

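    Import-Module Microsoft.Graph.Applications
    # Read-only scope is enough to enumerate app registrations
    Connect-MgGraph -Scopes 'Application.Read.All'
    # SDK v1.x only; Select-MgProfile was removed in SDK v2
    Select-MgProfile -Name beta
    # Exact keyId match; -All pages through every application instead of only the first page
    Get-MgApplication -All | Where-Object {$_.PasswordCredentials.KeyId -eq '4138079c-775b-4156-9d25-72e4cac875de'} | Select-Object -Property appId,displayName,passwordCredentials,keyCredentials
    # Partial keyId match
    Get-MgApplication -All | Where-Object {$_.PasswordCredentials.KeyId -match '4138079c'} | Select-Object -Property appId,displayName,passwordCredentials,keyCredentials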
    

    [Screenshot of the reference output]

    I hope this helps.

    ----------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
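
An added example, not part of the original answer: the same client-side search, extended to check certificate credentials (keyCredentials) as well as secrets and to report how many days remain before the matched credential expires. `Find-AppByKeyId` is a hypothetical helper name, and the sample objects are constructed so the block runs without a tenant connection.

```powershell
# Added example: Find-AppByKeyId is a hypothetical helper, not an SDK cmdlet.
function Find-AppByKeyId {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Application,
        [Parameter(Mandatory)] [string] $KeyId,
        [datetime] $Now = [datetime]::UtcNow
    )
    process {
        # Secrets and certificates are both multi-valued, so walk each list.
        foreach ($kind in 'PasswordCredentials', 'KeyCredentials') {
            foreach ($cred in @($Application.$kind)) {
                if ($null -eq $cred -or $null -eq $cred.KeyId) { continue }
                # Literal, case-insensitive substring test: accepts a full or
                # partial keyId and never interprets it as a regex.
                $id = "$($cred.KeyId)"
                if ($id.IndexOf($KeyId, [StringComparison]::OrdinalIgnoreCase) -lt 0) { continue }
                $end = $cred.EndDateTime
                [pscustomobject]@{
                    AppId          = $Application.AppId
                    DisplayName    = $Application.DisplayName
                    CredentialType = $kind
                    KeyId          = $id
                    EndDateTime    = $end
                    # Negative means the credential has already expired.
                    DaysLeft       = if ($end) { [int][math]::Floor(($end - $Now).TotalDays) } else { $null }
                }
            }
        }
    }
}

# Constructed sample objects shaped like Get-MgApplication output (not tenant data).
$sample = @(
    [pscustomobject]@{
        AppId = '00000000-0000-0000-0000-000000000001'; DisplayName = 'SampleAppA'
        PasswordCredentials = @([pscustomobject]@{ KeyId = 'aaaaaaaa-0000-0000-0000-000000000001'; EndDateTime = [datetime]'2030-01-01' })
        KeyCredentials = @()
    }
    [pscustomobject]@{
        AppId = '00000000-0000-0000-0000-000000000002'; DisplayName = 'SampleAppB'
        PasswordCredentials = @()
        KeyCredentials = @([pscustomobject]@{ KeyId = 'bbbbbbbb-0000-0000-0000-000000000002'; EndDateTime = [datetime]'2020-01-01' })
    }
)
$sample | Find-AppByKeyId -KeyId 'bbbbbbbb'   # matches SampleAppB's certificate

# Against a tenant, after Connect-MgGraph -Scopes 'Application.Read.All':
# Get-MgApplication -All | Find-AppByKeyId -KeyId '<keyId>'
```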
