Get-EntraApplication
Gets an application.
Syntax
Get-EntraApplication
[-Filter <String>]
[-All]
[-Top <Int32>]
[-Property <String[]>]
[<CommonParameters>] Get-EntraApplication
[-SearchString <String>]
[-All]
[-Property <String[]>]
[<CommonParameters>] Get-EntraApplication
-ApplicationId <String>
[-Property <String[]>]
[-All]
[<CommonParameters>] Description
The Get-EntraApplication cmdlet gets a Microsoft Entra ID application.
Examples
Example 1: Get an application by ApplicationId
Connect-Entra -Scopes 'Application.Read.All'
Get-EntraApplication -ApplicationId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'
DisplayName Id AppId SignInAudience PublisherDomain
----------- -- ----- -------------- ---------------
ToGraph_443democc3c aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg contoso.comThis example demonstrates how to retrieve specific application by providing ID.
Example 2: Get all applications
Connect-Entra -Scopes 'Application.Read.All'
Get-EntraApplication -All
DisplayName Id AppId SignInAudience PublisherDomain
----------- -- ----- -------------- ---------------
test app aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADandPersonalMicrosoftAccount contoso.com
ToGraph_443DEM cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eeeeeeeeeeee AzureADMyOrg contoso.com
test adms eeeeeeee-6666-7777-8888-ffffffffffff ffffffff-7777-8888-9999-gggggggggggg AzureADandPersonalMicrosoftAccount contoso.com
test adms app azure gggggggg-8888-9999-aaaa-hhhhhhhhhhhh hhhhhhhh-9999-aaaa-bbbb-iiiiiiiiiiii AzureADandPersonalMicrosoftAccount contoso.com
test adms2 iiiiiiii-aaaa-bbbb-cccc-jjjjjjjjjjjj jjjjjjjj-bbbb-cccc-dddd-kkkkkkkkkkkk AzureADandPersonalMicrosoftAccount contoso.comThis example demonstrates how to get all applications from Microsoft Entra ID.
Example 3: Get applications with expiring secrets in 30 days
$expirationThreshold = (Get-Date).AddDays(30)
$appsWithExpiringPasswords = Get-EntraApplication -All | Where-Object { $_.PasswordCredentials } |
ForEach-Object {
$app = $_
$app.PasswordCredentials | Where-Object { $_.EndDate -le $expirationThreshold } |
ForEach-Object {
[PSCustomObject]@{
DisplayName = $app.DisplayName
AppId = $app.AppId
SecretDisplayName = $_.DisplayName
KeyId = $_.KeyId
ExpiringSecret = $_.EndDate
}
}
}
$appsWithExpiringPasswords | Format-Table DisplayName, AppId, SecretDisplayName, KeyId, ExpiringSecret -AutoSize
DisplayName AppId SecretDisplayName KeyId ExpiringSecret
----------- ----- ----------------- ----- --------------
Helpdesk Application dddddddd-5555-6666-7777-eeeeeeeeeeee Helpdesk Password aaaaaaaa-0b0b-1c1c-2d2d-333333333333 11/18/2024This example retrieves applications with expiring secrets within 30 days.
Example 4: Get applications with expiring certificates in 30 days
$expirationThreshold = (Get-Date).AddDays(30)
$appsWithExpiringKeys = Get-EntraApplication -All | Where-Object { $_.KeyCredentials } |
ForEach-Object {
$app = $_
$app.KeyCredentials | Where-Object { $_.EndDate -le $expirationThreshold } |
ForEach-Object {
[PSCustomObject]@{
DisplayName = $app.DisplayName
AppId = $app.AppId
CertificateDisplayName = $_.DisplayName
KeyId = $_.KeyId
ExpiringKeys = $_.EndDate
}
}
}
$appsWithExpiringKeys | Format-Table DisplayName, AppId, CertificateDisplayName, KeyId, ExpiringKeys -AutoSize
DisplayName AppId CertificateDisplayName KeyId ExpiringKeys
----------- ----- ---------------------- ----- ------------
Helpdesk Application dddddddd-5555-6666-7777-eeeeeeeeeeee My cert aaaaaaaa-0b0b-1c1c-2d2d-333333333333 6/27/2024 11:49:17 AMThis example retrieves applications with expiring certificates within 30 days.
Example 5: Get an application by display name
Connect-Entra -Scopes 'Application.Read.All'
Get-EntraApplication -Filter "DisplayName eq 'ToGraph_443DEMO'"
DisplayName Id AppId SignInAudience PublisherDomain
----------- -- ----- -------------- ---------------
ToGraph_443DEMO cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eeeeeeeeeeee AzureADMyOrg contoso.comIn this example, we retrieve application by its display name from Microsoft Entra ID.
Example 6: Search among retrieved applications
Connect-Entra -Scopes 'Application.Read.All'
Get-EntraApplication -SearchString 'My new application 2'
DisplayName Id AppId SignInAudience PublisherDomain
----------- -- ----- -------------- ---------------
My new application 2 kkkkkkkk-cccc-dddd-eeee-llllllllllll llllllll-dddd-eeee-ffff-mmmmmmmmmmmm AzureADandPersonalMicrosoftAccount contoso.comThis example demonstrates how to retrieve applications for specific string from Microsoft Entra ID.
Example 7: Retrieve an application by identifierUris
Connect-Entra -Scopes 'Application.Read.All'
Get-EntraApplication -Filter "identifierUris/any(uri:uri eq 'https://wingtips.wingtiptoysonline.com')"This example demonstrates how to retrieve applications by its identifierUris from Microsoft Entra ID.
Example 8: List top 2 applications
Connect-Entra -Scopes 'Application.Read.All'
Get-EntraApplication -Top 2
DisplayName Id AppId SignInAudience PublisherDomain
----------- -- ----- -------------- ---------------
test app aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADandPersonalMicrosoftAccount contoso.com
ToGraph_443DEM cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eeeeeeeeeeee AzureADMyOrg contoso.comThis example shows how you can retrieve two applications. You can use -Limit as an alias for -Top.
Example 9: List application app roles
Connect-Entra -Scopes 'Application.Read.All'
$application = Get-EntraApplication -SearchString 'Contoso Helpdesk Application'
$application.AppRoles | Format-Table -AutoSize
AllowedMemberTypes Description DisplayName Id IsEnabled Origin Value
------------------ ----------- ----------- -- --------- ------ -----
{User, Application} General All General All gggggggg-6666-7777-8888-hhhhhhhhhhhh True Application Survey.Read
{Application} General App Only General Apponly hhhhhhhh-7777-8888-9999-iiiiiiiiiiii True Application Task.Write
{User} General role General bbbbbbbb-1111-2222-3333-cccccccccccc True Application GeneralThis example shows how you can retrieve app roles for an application.
Parameters
-All
List all pages.
| Type: | System.Management.Automation.SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ApplicationId
Specifies the ID of an application in Microsoft Entra ID.
| Type: | System.String |
| Aliases: | ObjectId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Filter
Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Property
Specifies properties to be returned
| Type: | System.String[] |
| Aliases: | Select |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SearchString
Specifies a search string.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Top
Specifies the maximum number of records to return.
| Type: | System.Int32 |
| Aliases: | Limit |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |