Get all Application Proxy apps and list extended information
This PowerShell script example lists information about all Microsoft Entra application proxy applications, including the application ID (AppId), name (DisplayName), external URL (ExternalUrl), internal URL (InternalUrl), authentication type (ExternalAuthenticationType), SSO mode and further settings.
Changing the value of the $ssoMode variable enables a filtered output by SSO mode. Further details are documented in the script.
If you don't have an Azure subscription, create an Azure free account before you begin.
Note
We recommend that you use the Azure Az PowerShell module to interact with Azure. See Install Azure PowerShell to get started. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
Azure Cloud Shell
Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article, without having to install anything on your local environment.
To start Azure Cloud Shell:
| Option | Example/Link |
|---|---|
| Select Try It in the upper-right corner of a code or command block. Selecting Try It doesn't automatically copy the code or command to Cloud Shell. |  |
| Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser. |  |
| Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. |  |
To use Azure Cloud Shell:
Start Cloud Shell.
Select the Copy button on a code block (or command block) to copy the code or command.
Paste the code or command into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux, or by selecting Cmd+Shift+V on macOS.
Select Enter to run the code or command.
This sample requires the Azure Active Directory PowerShell 2.0 for Graph module.
Sample script
# This sample script gets all Azure AD Application Proxy applications (AppId, Name of the app, external / internal url, pre-authentication type etc.).
#
# This script requires PowerShell 5.1 (x64) and one of the following modules:
# AzureAD 2.0.2.128
#
# Before you begin:
# Run Connect-AzureAD to connect to the tenant domain.
# Required Azure AD role: Global Administrator or Application Administrator or Application Developer
$ssoMode = "All"
# Change $ssoMode to filter the output based on the configured SSO type
# All - all Azure AD Application Proxy apps (no filter)
# None - Azure AD Application Proxy apps configured with no SSO, SAML, Linked, Password
# OnPremisesKerberos - Azure AD Application Proxy apps configured with Windows Integrated SSO (Kerberos Constrained Delegation)
Write-Host "Reading service principals. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$aadapServPrinc = Get-AzureADServicePrincipal -Top 100000 | where-object {$_.Tags -Contains "WindowsAzureActiveDirectoryOnPremApp"}
Write-Host "Reading Azure AD applications. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$allApps = Get-AzureADApplication -Top 100000
Write-Host "Reading application. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$aadapApp = $aadapServPrinc | ForEach-Object { $allApps -match $_.AppId}
Write-Host "Displaying all Azure AD Application Proxy applications with configuration details..." -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host "SSO mode filter: " $ssoMode -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "
foreach ($item in $aadapApp) {
$aadapTemp = Get-AzureADApplicationProxyApplication -ObjectId $item.ObjectId
if ($ssoMode -eq "All" -Or $aadapTemp.SingleSignOnSettings.SingleSignOnMode -eq $ssoMode) {
$aadapServPrinc[$aadapApp.IndexOf($item)].DisplayName + " (AppId: " + $aadapServPrinc[$aadapApp.IndexOf($item)].AppId + ")";
Write-Host "External Url: " $aadapTemp.ExternalUrl
Write-Host "Internal Url: " $aadapTemp.InternalUrl
Write-Host "Pre authentication type: " $aadapTemp.ExternalAuthenticationType
Write-Host "SSO mode: " $aadapTemp.SingleSignOnSettings.SingleSignOnMode
If ($aadapTemp.SingleSignOnSettings.SingleSignOnMode -eq "OnPremisesKerberos") {
Write-Host "Service Principal Name (SPN): " $aadtemp.SingleSignOnSettings.KerberosSignOnSettings.KerberosServicePrincipalName
Write-Host "Username Mapping Attribute: " $aadapTemp.SingleSignOnSettings.KerberosSignOnSettings.KerberosSignOnMappingAttributeType
}
Write-Host "Backend Application Timeout: " $aadapTemp.ApplicationServerTimeout
Write-Host "Translate URLs in Headers: " $aadapTemp.IsTranslateHostHeaderEnabled
Write-Host "Translate URLs in Application Body: " $aadapTemp.IsTranslateLinksInBodyEnabled
Write-Host "Use HTTP-Only Cookie: " $aadapTemp.IsHttpOnlyCookieEnabled
Write-Host "Use Secure Cookie: " $aadapTemp.IsSecureCookieEnabled
Write-Host "Use Persistent Cookie: " $aadapTemp.IsPersistentCookieEnabled
If ($aadapTemp.VerifiedCustomDomainCertificatesMetadata.Thumbprint.Length -ne 0) {
Write-Host "SSL Certificate details:"
Write-Host "Certificate SubjectName: " $aadapTemp.VerifiedCustomDomainCertificatesMetadata.SubjectName
Write-Host "Certificate Thumbprint: " $aadapTemp.VerifiedCustomDomainCertificatesMetadata.Issuer
Write-Host "Certificate Thumbprint: " $aadapTemp.VerifiedCustomDomainCertificatesMetadata.Thumbprint
Write-Host "Valid from: " $aadapTemp.VerifiedCustomDomainCertificatesMetadata.IssueDate
Write-Host "Valid to: " $aadapTemp.VerifiedCustomDomainCertificatesMetadata.ExpiryDate
}
Write-Host ""
}
}
Write-Host ("")
Write-Host ("Finished.") -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host ("")
Script explanation
| Command | Notes |
|---|---|
| Get-AzureADServicePrincipal | Gets a service principal. |
| Get-AzureADApplication | Gets a Microsoft Entra application. |
| Get-AzureADApplicationProxyApplication | Retrieves an application configured for Application Proxy in Microsoft Entra ID. |
Next steps
For more information on the Azure AD PowerShell module, see Azure AD PowerShell module overview.
For other PowerShell examples for Application Proxy, see Azure AD PowerShell examples for Microsoft Entra application proxy.
Feedback
Submit and view feedback for