![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 70%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYR%3C/text%3E%3C/svg%3E)
13,724 questions
Hello Yaswanth , Welcome to MS Q&A
The reason you may not be able to read some service principals and app registrations even with Directory.Read.All and Application.Read.All permissions is that these permissions only grant access to read all properties of single-tenant and multi-tenant applications outside of properties that cannot be read in any situation like credentials. To read other properties, you need to include the appropriate read permissions for the specific properties you want to access. For example, if you want to read the owners property on single-tenant and multi-tenant applications, you need the microsoft.directory/applications/owners/read permission.
References:
- Application registration permissions for custom roles in Microsoft Entra ID - Read
- Application and service principal objects in Microsoft Entra ID - Relationship between application objects and service principals
Kindly check and let us know if any further questions
Thanks
Deepanshu