Export a list of applications and their claims configuration

Question

I've seen this question being posted a few times over the years but yet to find a working answer.

I would like to export a list of applications from Entra ID that have Claims configured and those associated Claims. I am not able to use any of the available APIs/PowerShell commands to export this information. Below is an example of the information that I'd like to export programmatically. I've tried different approaches - Service Principal, Application, PowerShell, Graph (including Beta), MS Graph X-Ray with Azure Portal and none yielded a solution. Claims were not configured by claim mapping policy and are not "optional" claims.

Answer 1

Hello @Ziv Rivkis , the default claim schema configured for an Entra ID servicePrincipal is part of the defaultClaimIssuancePolicy which it's currently not available trough MS Graph. I'm reaching the appropiates team for more information about it's potential release date and will come back to you ASAP.

In the meantime you can find more information about updates to the MS Graph in the Microsoft Graph Changelog.

Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

Answer 2

Hi - is there any other way to get this data ? enterprise app, and their "claims" configuration ? I need to find all the apps in my tenant that have "claims" using primarySMTPAddress (rather than UPN)

Answer 3

Nowadays it's possible to get claims through Microsoft Graph or Powershell (preview).

Read the documentations below and enjoy them:

• https://learn.microsoft.com/en-us/entra/identity-platform/claims-customization-custom-claims-policy
• https://learn.microsoft.com/en-us/graph/api/customclaimspolicy-get?view=graph-rest-beta&tabs=powershell
• https://learn.microsoft.com/en-us/graph/api/claimsmappingpolicy-get?view=graph-rest-1.0&tabs=powershell