How to get all role assigned users from all tenants that installed my Azure App Registration, from App ID?

Ray Chen 0 Reputation points
2024-02-14T20:08:57.69+00:00

I have an App Registration that supports multiple organizations / multi-tenants (and I have the corresponding client_id and client_secret). I am trying to get the list of all users who have assigned roles across all tenants that installed my enterprise application. I tried using /servicePrincipals(appId='{appId}')/appRoleAssignedTo but this only gives me users in my organization directory instead of across all tenants and their organization directories for the specified appId.
https://learn.microsoft.com/en-us/graph/api/serviceprincipal-list-approleassignedto?view=graph-rest-1.0&tabs=http

Is there a Graph query that such that I can fetch all role assigned users across all tenants for this specific appId?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,846 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,393 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 103.9K Reputation points MVP
    2024-02-15T07:12:13.3933333+00:00

    The only way to get such data is to query each tenant individually, and to do that you will of course need sufficient permissions within each tenant.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.