This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 0%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES2%3C/text%3E%3C/svg%3E)
Hello All,
I have certain SAML SSO applications configured in Azure but I need to change certificate expiring email notification to admin.
So do we have any command to change for all the applications.
Regards,
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@Anonymous You will need to update them individually for now as there is no such bulk edit option via GUI/API yet. By default the notification email address address is currently set to the email account with which the user logged in and Added the Application on Azure AD.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENK%3C/text%3E%3C/svg%3E)
I was not able to bulk edit yet but was able to run this command in ms graph and find all the apps I wanted to change.
Run GET https://graph.microsoft.com/beta/serviceprincipals?$filter=preferredSingleSignOnMode eq 'saml'&$select=appDisplayName,notificationEmailAddresses
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 13%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Thanks Nathan, this is SUPER helpful!!
Based of this you might be able to built a PowerShell script that updates the returned values, our list is so short it will be easier for us to manually edit then try to build.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Is this still not able to be done? I need to do a bulk edit on all of my Enterprise applications to first a check the email and then change it to a new email address.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 39%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERW%3C/text%3E%3C/svg%3E)
Yes, this would be a valuable thing to be able to do.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 57.00000000000001%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBJ%3C/text%3E%3C/svg%3E)
It's been a long time since your question, but I hope my answer helps you and everyone else who has this concern. I was facing the same issue and needed to change all the Enterprise Application SAML SSO certificate expiration notification emails in my organization. I tried with MS Graph, but it didn't work because I didn't have enough permissions.
Looking at all the Azure CLI commands I've found az ad sp update. Which helps update the attributes of a service principal.
This is a draft example of how you might approach developing a script that automates this.
# Create a function to search all the Service Principals that it's preferredSSOMode is saml and then store the id of all SP that've matched
az ad sp list --filter "preferredSingleSignOnMode eq 'saml'"
# Create another function that takes all the ids of the SP and modifies the attribute notificationEmailAddresses (which is a list) one SP at a time.
az ad sp update --id <ids[$i]> --set notificationEmailAddresses='["******@ex.com","******@ex.com","******@ex.com"]'
Hope this helps someone, it took me a while to figure it out!