How to view the list of all enterprise applications with the owner, user and date created in azure?

JYLVEN TARRAJA 80 Reputation points
2025-01-22T07:40:34.9666667+00:00

Please asking for your help on this on how to generate a report with all the list of enterprise application in Microsoft Entra with the owner, user and date created?, Anyone who can share on this solutions.

Thank you

Microsoft Security | Intune | Application management
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph
0 comments No comments
{count} votes

Accepted answer
  1. Kavya 490 Reputation points
    2025-01-22T13:20:00.6666667+00:00

    You can run the below script to get the required details.

    Connect-MgGraph -Scopes "Application.Read.All" 
    Get-MgServicePrincipal -All | foreach {
     $EnterpriseAppName=$_.DisplayName 
     $Id=$_.Id
     [DateTime]$CreationTime=($_.AdditionalProperties.createdDateTime)
     $CreationTime=$CreationTime.ToLocalTime()
     $Owners=(Get-MgServicePrincipalOwner -ServicePrincipalId $Id).AdditionalProperties.userPrincipalName
     $Owners=$Owners -join ","
     $ExportResult=[PSCustomObject]@{'Enterprise App Name'=$EnterpriseAppName;'App Id'=$Id;'App Owners'=$Owners;'App Creation Time'=$CreationTime}
      $ExportResult | Export-Csv -Path D:/EnterpriseAppReport.csv -Notype -Append}
    

    In case you need additional properties like sign-in status, app origin (whether the app is hosted in the home tenant or an external tenant), role assignments, etc., use this script to generate more detailed report: https://github.com/admindroid-community/powershell-scripts/blob/master/GetEnterpriseAppsReport.ps1

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Marti Peig 970 Reputation points Microsoft Employee
    2025-01-22T09:10:47.9566667+00:00

    Hi JYLVEN TARRAJA

    The following should return what you need, or you can use it as a starting point.

    # Connect to Microsoft Graph
    Connect-MgGraph -Scopes ("Application.Read.All")
    # Get all Service Principals (Enterprise applications)
    $servicePrincipals = Get-MgServicePrincipal -All
    foreach ($sp in $servicePrincipals) {
        
        # Get Application Owners
        $appOwners = [System.Collections.ArrayList]@()
        $ofs = ";"
        $appOwnersIds = Get-MgServicePrincipalOwner -ServicePrincipalId $sp.Id -ErrorAction SilentlyContinue
        if ( $appOwnersIds.count -gt 0 ) {
            $appOwnersIds | ForEach-Object {
                try {
                    $ownerDisplayName = (Get-MgUser -UserId $_.Id -ErrorAction SilentlyContinue).DisplayName
                    $appOwners.add($ownerDisplayName) | Out-Null
                }
                catch {
                    $appOwners.add("Invalid Owner") | Out-Null
                }
                
            }
        }
        Else {
            $appOwners.add("None") | Out-Null
        }
        # Get Application Users
        $appRoleAssignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -ErrorAction SilentlyContinue
        # Construct report data
        $reportData = [PSCustomObject]@{
            "Application Name"  = $sp.DisplayName
            "Application ID"    = $sp.AppId
            "Created Date"      = [String]$sp.AdditionalProperties.createdDateTime
            "Owners"            = [String]$appOwners
            "Users"             = ($appRoleAssignments | ForEach-Object { $_.PrincipalDisplayName }) -join ", "
        }
    # Output or append to a CSV file
    $reportData | Export-Csv -Path "C:\temp\service-principals-report.csv" -Append -NoTypeInformation
    }
    

    As usual, if this answers your query, do click Accept Answer and Yes for what if this answer was helpful. And, if you have any further queries do let us know. 

    I hope it helps

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.