Azure AD B2C - Disable app Registration

Tarkowski, Michael (M.) 156 Reputation points
2023-05-16T17:27:34.9133333+00:00

I want to disable just some (not all of them) Azure AD B2C registered applications using graph API. What graph API/attribute do I use to disable an Azure AD B2C registered application using graph API?

Looking for an API curl command we can use to script disabling some of our Azure AD B2C registered applications using graph API temporarily, then later re-enable the apps.

We don't want to manually use Azure Enterprise "Enabled for users to sign-in". This would be too tedious for all of the apps we want to temporarily disable.


Accepted answer
  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2023-05-23T19:05:25.9033333+00:00

    Hi @Tarkowski, Michael (M.), I'm reposting your answer so it can be verified. Please mark "Accept Answer" so other users can reference it.

    1. Use graph API list application and return all of the appIds you want to disable.
    2. Use graph API update service principal to change accountEnabled to false.
    curl --location --request PATCH 'https://graph.microsoft.com/v1.0/servicePrincipals/df68737c-92b3-41b9-9038-5f4a96654e67' \
    --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiL . . .' \
    --header 'Content-Type: application/json' \
    --data '{
        "accountEnabled": false
    }'
    

2 additional answers

  1. Tarkowski, Michael (M.) 156 Reputation points
    2023-05-17T14:04:46.5933333+00:00

    I figured out a workaround.

    Use graph API list application and return all of the appIds I want to disable.

    Use graph API update service principal to change accountEnabled to false.

    curl --location --request PATCH 'https://graph.microsoft.com/v1.0/servicePrincipals/df68737c-92b3-41b9-9038-5f4a96654e67' \
    --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiL . . .' \
    --header 'Content-Type: application/json' \
    --data '{
        "accountEnabled": false
    }'
    
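The two-step workaround above (collect appIds, then PATCH accountEnabled on each service principal), scripted as an added example that is not part of the original thread. It addresses each service principal by appId through Graph's alternate-key form, so no object-id lookup is needed. Assumptions: the access token is in a GRAPH_TOKEN environment variable, DRY_RUN=1 prints instead of calling Graph, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: toggle accountEnabled on the service principals behind a list of appIds.
# Assumptions (not from the thread): GRAPH_TOKEN holds a token permitted to update
# service principals; DRY_RUN=1 prints the request instead of sending it.
GRAPH=https://graph.microsoft.com/v1.0

# Accept only GUIDs so a malformed id can never alter the request path.
is_guid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Address the service principal by appId (alternate key) rather than its object id.
sp_url() {
    is_guid "$1" || return 1
    printf "%s/servicePrincipals(appId='%s')" "$GRAPH" "$1"
}

# Map the action to the JSON body; only "disable" and "enable" are accepted.
sp_body() {
    case "$1" in
        disable) printf '{"accountEnabled": false}' ;;
        enable)  printf '{"accountEnabled": true}' ;;
        *) return 1 ;;
    esac
}

# PATCH one service principal. The Authorization header is fed to curl on stdin
# (--config -), so the token is not part of curl's argument list.
set_sp_state() {
    body=$(sp_body "$1") || { echo "bad action: $1" >&2; return 2; }
    url=$(sp_url "$2")   || { echo "bad appId: $2" >&2; return 2; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "PATCH $url $body"
        return 0
    fi
    printf 'header = "Authorization: Bearer %s"\n' "$GRAPH_TOKEN" |
        curl --silent --show-error --fail --config - --request PATCH "$url" \
             --header 'Content-Type: application/json' --data "$body"
}

# Usage: script.sh disable|enable <appId>...
if [ "$#" -ge 2 ]; then
    action=$1; shift
    for id in "$@"; do
        set_sp_state "$action" "$id" || echo "failed: $id" >&2
    done
fi
```

Running it again with `enable` and the same appIds restores sign-in; keep the appId list used for the disable run so the two runs match.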

  2. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2023-05-16T21:10:02.92+00:00

    Hi @Tarkowski, Michael (M.), To disable and re-enable Azure AD B2C registered applications using the Microsoft Graph API, you can update the signInAudience property of the application. By setting the signInAudience to None, you can effectively disable the application. To re-enable the application, set the signInAudience back to its original value (e.g., AzureADMyOrg).

    Here's a sample curl command to update the signInAudience property of an application:

    curl -X PATCH https://graph.microsoft.com/v1.0/applications/{application_id} -H 'Authorization: Bearer {access_token}' -H 'Content-Type: application/json' -d '{ "signInAudience": "None" }'
    

    Replace {application_id} with the ID of the application you want to disable, and {access_token} with a valid access token.

    To re-enable the application, change the signInAudience value back to its original value, for example:

    curl -X PATCH https://graph.microsoft.com/v1.0/applications/{application_id} -H 'Authorization: Bearer {access_token}' -H 'Content-Type: application/json' -d '{ "signInAudience": "AzureADMyOrg" }'
    

    Remember to replace {application_id} and {access_token} with the appropriate values.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

