Hi @Vlad Toma ,
Thanks for reaching out.
You can use the Azure AD Graph API to retrieve all the service app role assignments for all enterprise applications and then filter the data to show only the enterprise applications that have group assignments
Here is a sample script that retrieves all the service app role assignments for all enterprise applications and filters the data to show only the enterprise applications that have group assignments:
$assignments = Get-AzureADServiceAppRoleAssignment -All $true
$assignments | Where {$_.PrincipalType -eq "Group"} | Select PrincipalDisplayName, PrincipalType, ResourceDisplayName, Resource | Export-Csv -Path "C:\temp\EnterpriseAppsWithGroups.csv" -NoTypeInformation
You can then use the exported CSV file to delete the enterprise applications that have no group assignments.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.