![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 49%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVT%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,664 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Vlad Toma ,
Thanks for reaching out.
You can use the Azure AD Graph API to retrieve all the service app role assignments for all enterprise applications and then filter the data to show only the enterprise applications that have group assignments
Here is a sample script that retrieves all the service app role assignments for all enterprise applications and filters the data to show only the enterprise applications that have group assignments:
$assignments = Get-AzureADServiceAppRoleAssignment -All $true
$assignments | Where {$_.PrincipalType -eq "Group"} | Select PrincipalDisplayName, PrincipalType, ResourceDisplayName, Resource | Export-Csv -Path "C:\temp\EnterpriseAppsWithGroups.csv" -NoTypeInformation
You can then use the exported CSV file to delete the enterprise applications that have no group assignments.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
