Azure AD B2C - Disable app Registration

Tarkowski, Michael (M.) 106 Reputation points
2023-05-16T17:27:34.9133333+00:00

I want to disable just some (not all of them) Azure AD B2C registered applications using graph API. What graph API/attribute do I use to disable an Azure AD B2C registered application using graph API?

Looking for an API curl command we can use to script disabling some of our Azure AD B2C registered applications using graph API temporarily, then later re-enable the apps.

We don't want to manually use Azure Enterprise "Enabled for users to sign-in". This would be too tedious for all of the apps we want to temporarily disable.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,746 questions
Microsoft Graph Azure AD API
Microsoft Graph Azure AD API
A Microsoft API that queries the user's profile, finds other users, manages organizational relationships, tracks assignments, or creates original solutions that incorporate existing organizational data.
254 questions
0 comments No comments
{count} votes

Accepted answer
  1. James Hamil 14,346 Reputation points Microsoft Employee
    2023-05-23T19:05:25.9033333+00:00

    Hi @Tarkowski, Michael (M.) , I'm reposting your answer so it can be verified. Please mark "Accept Answer" so other users can reference it.

    1. Use graph API list application and return all of the appIds you want to disable.
    2. Use graph API update service principle to change accountEnabled to false.
    curl --location --request PATCH 'https://graph.microsoft.com/v1.0/servicePrincipals/df68737c-92b3-41b9-9038-5f4a96654e67' \
    --header 'Authorization: eyJ0eXAiOiJKV1QiL . . .' \
    --header 'Content-Type: application/json' \
    --data '{
        "accountEnabled": false
    }'
    
    1 person found this answer helpful.
    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Tarkowski, Michael (M.) 106 Reputation points
    2023-05-17T14:04:46.5933333+00:00

    I figured out a work around.

    Use graph API list application and return all of the appIds I want to disable.

    Use graph API update service principle to change accountEnabled to false.

    curl --location --request PATCH 'https://graph.microsoft.com/v1.0/servicePrincipals/df68737c-92b3-41b9-9038-5f4a96654e67' \
    --header 'Authorization: eyJ0eXAiOiJKV1QiL . . .' \
    --header 'Content-Type: application/json' \
    --data '{
        "accountEnabled": false
    }'
    
    1 person found this answer helpful.
    0 comments No comments

  2. James Hamil 14,346 Reputation points Microsoft Employee
    2023-05-16T21:10:02.92+00:00

    Hi @Tarkowski, Michael (M.) , To disable and re-enable Azure AD B2C registered applications using the Microsoft Graph API, you can update the signInAudience property of the application. By setting the signInAudience to None, you can effectively disable the application. To re-enable the application, set the signInAudience back to its original value (e.g., AzureADMyOrg).

    Here's a sample curl command to update the signInAudience property of an application:

    curl -X PATCH https://graph.microsoft.com/v1.0/applications/{application_id} -H 'Authorization: Bearer {access_token}' -H 'Content-Type: application/json' -d '{ "signInAudience": "None" }'
    

    Replace {application_id} with the ID of the application you want to disable, and {access_token} with a valid access token.

    To re-enable the application, change the signInAudience value back to its original value, for example:

    curl -X PATCH https://graph.microsoft.com/v1.0/applications/{application_id} -H 'Authorization: Bearer {access_token}' -H 'Content-Type: application/json' -d '{ "signInAudience": "AzureADMyOrg" }'
    

    Remember to replace {application_id} and {access_token} with the appropriate values.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James