Редагувати

Поділитися через


Hide an Enterprise application

Learn how to hide enterprise applications in Microsoft Entra ID. When an application is hidden, users still have permissions to the application.

Prerequisites

To hide an application from the My Apps portal and Microsoft 365 launcher, you need:

  • An Azure account with an active subscription. Create an account for free.
  • One of the following roles: Cloud Application Administrator, Application Administrator.
  • Global Administrator is required to hide all Microsoft 365 applications.

Hide an application from the end user

Use the following steps to hide an application from My Apps portal and Microsoft 365 application launcher.

  1. Sign in to the Microsoft Entra admin center as at least a cloud application administrator.
  2. Browse to Identity > Applications > Enterprise applications > All applications.
  3. Search for the application you want to hide, and select the application.
  4. In the left navigation pane, select Properties.
  5. Select No for the Visible to users? question.
  6. Select Save.

Note

These instructions apply only to non-first-party Microsoft Enterprise Applications. To learn more about first-party Microsoft applications see First-party Microsoft applications in sign-in reports. Administrators also need to keep in mind that hiding the application from the users doesn't prevent them from signing into these applications via methods other than the My Apps portal, such as shared links or service dependencies.

To hide an application from the My Apps portal, using Azure AD PowerShell, you need to connect to Azure AD PowerShell and sign in as at least a Cloud Application Administrator. You can manually add the HideApp tag to the service principal for the application. Run the following Azure AD PowerShell commands to set the application's Visible to Users? property to No.

Connect-AzureAD

$objectId = "<objectId>"
$servicePrincipal = Get-AzureADServicePrincipal -ObjectId $objectId
$tags = $servicePrincipal.tags
$tags += "HideApp"
Set-AzureADServicePrincipal -ObjectId $objectId -Tags $tags

To hide an application from the My Apps portal, using Microsoft Graph PowerShell, you need to connect to Microsoft Graph PowerShell and sign in as at least a Cloud Application Administrator. You can manually add the HideApp tag to the service principal for the application. Run the following Microsoft Graph PowerShell commands to set the application's Visible to Users? property to No.

Connect-MgGraph

$servicePrincipal = Get-MgServicePrincipal -ServicePrincipalId $objectId
$tags = $servicePrincipal.tags
$tags += "HideApp"
Update-MgServicePrincipal -ServicePrincipalID  $objectId -Tags $tags

To hide an enterprise application using Graph Explorer, you need to sign in as at least a Cloud Application Administrator.

Run the following queries.

  1. Get the application you want to hide.

    GET https://graph.microsoft.com/v1.0/servicePrincipals/00001111-aaaa-2222-bbbb-3333cccc4444
    
  2. Update the application to hide it from users.

    PATCH https://graph.microsoft.com/v1.0/servicePrincipals/00001111-aaaa-2222-bbbb-3333cccc4444/
    

    Supply the following request body.

    {
        "tags": [
        "HideApp"
        ]
    }
    

    Warning

    If the application has other tags, you must include them in the request body. Otherwise, the query will overwrite them.

Hide Microsoft 365 applications from the My Apps portal

Tip

Steps in this article might vary slightly based on the portal you start from.

Use the following steps to hide all Microsoft 365 applications from the My Apps portal. The applications are still visible in the Office 365 portal.

  1. Sign in to the Microsoft Entra admin center as a Global Administrator.

    Important

    Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

  2. Browse to Identity > Applications > Enterprise applications.
  3. Select App launchers under Manage menu items.
  4. Select Settings.
  5. Enable the option of Users can only see Microsoft 365 apps in the Microsoft 365 portal.
  6. Select Save.

Next steps