Getting more info on Azure AD Applications

Etienne Duhamel 71 Reputation points
2021-03-19T14:29:21.367+00:00

I'm trying to get information about the Entreprise Applications from Azure AD (with a PowerShell script)

First I'm getting the app configuration files, with the PS command : Get-AzureADApplication, but important information are missing, like the application type (web, native, browser, etc.) for OAuth apps in order to identify the grant types (authorization code, implicit) et the response types (code, token, id token). For SAML apps, a lot of info are missing : audience url, subject name ID template and format, digest algorithm, signature algorithm and the authentication context class.
Are there any means to retrieve those information with a PS command?

Furthermore, I added Salesforce to my Azure AD, why is it tagged as an OAuth app instead of a Gallery SAML Application ? I'm referring to the tags presented here : https://learn.microsoft.com/answers/answers/24461/view.html

Thanks in advance

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,535 questions
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 36,336 Reputation points Microsoft Employee
    2021-03-22T22:44:34.037+00:00

    To get all native applications:

    Get-AzureADApplication -All:$true | Where-Object { $_.PublicClient -eq $true } | FT  
    

    To get all web app/API applications:

    Get-AzureADApplication -All:$true | Where-Object { $_.PublicClient -ne $true } | FT  
    

    You may be able to filter by grant_type but I don't believe there's a way to just list the grant_types for all applications or service principals.

    Through a combination of Get-AzureADApplication and Get-AzureADServicePrincipal you should be able to filter for many of these properties. https://learn.microsoft.com/en-us/powershell/azure/active-directory/list-service-principal-application-roles?view=azureadps-2.0

    For SAML apps though, I am not sure that there is anything available in Powershell for retrieving the specific properties you listed. Though there do appear to be some custom PHP solutions online though. As mentioned in the thread you referenced, you can use this to list all of your Azure AD authenticated SAML apps:

    Connect-AzureAD  
    $type = "SAML APP"  
    Get-AzureADServicePrincipal -All $true | Where-Object {($_.Tags -contains "WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1") -or ($_.Tags -contains "WindowsAzureActiveDirectoryCustomSingleSignOnApplication")} | Select DisplayName, @{Name="AppType"; Expression={$type}}   
    

    For your question about your Salesforce app, could it be that you used the non-gallery feature to configure the app so that it has both "WindowsAzureActiveDirectoryGalleryApplicationPrimaryV1" and "WindowsAzureActiveDirectoryCustomSingleSignOnApplication" applied?

    I am checking with the product team to see if there are better ways to query some of the properties you mentioned.


0 additional answers

Sort by: Most helpful