Export Enterprise application with assigned groups

Vlad Toma 20 Reputation points
2023-03-06T16:18:54.01+00:00

Hi,

We're doing a cleanup of our Entr Apps (330 in total) and was looking for a way to export these apps with assigned groups included, so we can delete the ones that have no group assignments.

Thanks!

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,467 questions
{count} votes

Accepted answer
  1. Shweta Mathur 12,671 Reputation points Microsoft Employee
    2023-03-07T10:05:28.9133333+00:00

    Hi @Vlad Toma ,

    Thanks for reaching out.

    You can use the Azure AD Graph API to retrieve all the service app role assignments for all enterprise applications and then filter the data to show only the enterprise applications that have group assignments

    Here is a sample script that retrieves all the service app role assignments for all enterprise applications and filters the data to show only the enterprise applications that have group assignments:

    $assignments = Get-AzureADServiceAppRoleAssignment -All $true 
    $assignments | Where {$_.PrincipalType -eq "Group"} | Select PrincipalDisplayName, PrincipalType, ResourceDisplayName, Resource | Export-Csv -Path "C:\temp\EnterpriseAppsWithGroups.csv" -NoTypeInformation
    
    

    You can then use the exported CSV file to delete the enterprise applications that have no group assignments.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

1 additional answer

Sort by: Most helpful
  1. Manu Philip 14,356 Reputation points MVP
    2023-03-06T17:07:46.92+00:00

    The following link can help you on finding the users and groups assigned to the AD Application

    Display users and groups assigned to an Application Proxy application


    --please don't forget to upvote and Accept as answer if the reply is helpful--