Need help on Microsoft graph API filter with application's passwordCredentials keyId

Liju P Nandanan 21 Reputation points

I am trying to search the app registration key and expiry details with microsoft graph api. I am able to list the details with app id / display name$select=appId,displayName,passwordCredentials,keyCredentials&$filter=appId in ('32339278-4ba9-*****-***-********') and the result is as follows

"appId": "32339278-4ba9-*****-***-********",
"displayName": "LijuDemoAppRegistration",
"passwordCredentials": [
"customKeyIdentifier": null,
"displayName": "DemoAppClientSecret",
"endDateTime": "2022-12-28T05:50:43.493Z",
"hint": "Z5K",
"keyId": "11fcdf34-**xxxx-4d6f-b4c1-************",
"secretText": null,
"startDateTime": "2022-09-28T05:50:43.493Z"
"keyCredentials": []

Is there any way I can filter this with keyId instead of appId

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,322 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,466 questions
0 comments No comments
{count} votes

Accepted answer
  1. Harpreet Singh Matharoo 7,621 Reputation points Microsoft Employee

    Hello @Liju P Nandanan

    Thank you for reaching out. I would like to confirm querying app using keyId would be very difficult using Graph API, since passwordCredentials is a complex attribute which additionally contains various multi-valued properties. Within Graph explorer or graph query if you try to expand passwordCredentials and filter using keyId you might get an error stating "Parsing OData Select and Expand failed: Property 'passwordCredentials' on type 'microsoft.graph.application' is not a navigation property or complex property. Only navigation properties can be expanded"

    The easiest way to query Azure AD Application using keyId would be to use Microsoft Graph PowerShell. You can refer following command which can give you desired outputs:

    Import-Module Microsoft.Graph.Applications  
    Connect-MgGraph -Scopes 'Application.Read.All'  
    Select-MgProfile -Name beta  
    Get-MgApplication | Where-Object {$_.PasswordCredentials.KeyId -eq '4138079c-775b-4156-9d25-72e4cac875de'} | Select-Object -Property appId,displayName,passwordCredentials,keyCredentials  
    Get-MgApplication | Where-Object {$_.PasswordCredentials.KeyId -match '4138079c'} | Select-Object -Property appId,displayName,passwordCredentials,keyCredentials  

    Screenshot for reference output:

    I hope this helps.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful