Skip to main content

Documentation Index

Fetch the complete documentation index at: https://ps365.clidsys.com/llms.txt

Use this file to discover all available pages before exploring further.

SYNOPSIS

Retrieves all Entra ID applications and their assignment types.

SYNTAX

All (Default)

Get-MgApplicationAssignment [-AllApplications] [-AssignmentNotEnforced] [-AssignmentEmpty] [-ExportToExcel]
 [-DisableParallel] [-ThrottleLimit <Int32>] [-ProgressAction <ActionPreference>] [<CommonParameters>]

ByApplicationId

Get-MgApplicationAssignment [[-ApplicationId] <String[]>] [-AssignmentNotEnforced] [-AssignmentEmpty]
 [-ExportToExcel] [-DisableParallel] [-ThrottleLimit <Int32>] [-ProgressAction <ActionPreference>]
 [<CommonParameters>]

ByObjectId

Get-MgApplicationAssignment [-ObjectID <String>] [-AssignmentNotEnforced] [-AssignmentEmpty] [-ExportToExcel]
 [-DisableParallel] [-ThrottleLimit <Int32>] [-ProgressAction <ActionPreference>] [<CommonParameters>]

ByDisplayName

Get-MgApplicationAssignment [-DisplayName <String>] [-AssignmentNotEnforced] [-AssignmentEmpty]
 [-ExportToExcel] [-DisableParallel] [-ThrottleLimit <Int32>] [-ProgressAction <ActionPreference>]
 [<CommonParameters>]

DESCRIPTION

This function returns a list of all Entra ID applications with their assignment information, identifying whether they are assigned to all users or have specific assignments. If no assignments exist, it indicates whether the application is available to “all users”. Give information about assigned users, groups, or service principals and if the group is protected/static/dynamic.

EXAMPLES

EXAMPLE 1

Get-MgApplicationAssignment
Retrieves all applications and their assignment types.

EXAMPLE 2

Get-MgApplicationAssignment -DisableParallel
Forces sequential processing even on PowerShell 7+ (useful for debugging or to avoid concurrent Graph calls).

EXAMPLE 3

Get-MgApplicationAssignment -ApplicationId "xxx", "yyy"
Retrieves assignment types for the specified application IDs.

EXAMPLE 4

Get-MgApplicationAssignment -ObjectID '11111111-2222-3333-4444-555555555555'
Retrieves assignment types for the service principal matching this ObjectID.

EXAMPLE 5

Get-MgApplicationAssignment -DisplayName 'My SAML App'
Retrieves assignment types for the service principal matching this DisplayName.

EXAMPLE 6

Get-MgApplicationAssignment -AssignmentEmpty
Retrieves only applications with no specific user/group/service principal assignments.

EXAMPLE 7

Get-MgApplicationAssignment -ExportToExcel
Gets all applications and exports them to an Excel file

PARAMETERS

-ApplicationId

(Optional) One or more Application IDs (AppId) to filter the results. If not provided, all applications will be processed. 
Type: String[]
Parameter Sets: ByApplicationId
Aliases:

Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ObjectID

(Optional) ObjectID (GUID) of a single service principal to target. Cannot be combined with -ApplicationId or -DisplayName. 
Type: String
Parameter Sets: ByObjectId
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DisplayName

(Optional) Display name of a single service principal to target (exact match, with fallback on trimmed comparison). Cannot be combined with -ApplicationId or -ObjectID. 
Type: String
Parameter Sets: ByDisplayName
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AllApplications

(Optional) If specified, retrieves all service principals regardless of type. By default, only Enterprise Applications (tagged ‘WindowsAzureActiveDirectoryIntegratedApp’) are returned. 
Type: SwitchParameter
Parameter Sets: All
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-AssignmentNotEnforced

(Optional) If specified, only applications where AppRoleAssignmentRequired is $false (open to all users, no assignment needed) will be returned. 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-AssignmentEmpty

(Optional) If specified, only applications with no specific user/group/service principal assignments will be returned. Note: these apps may still be accessible to all users if AppRoleAssignmentRequired is $false. 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ExportToExcel

(Optional) If specified, exports the results to an Excel file in the user’s profile directory. 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-DisableParallel

(Optional) Forces sequential processing. By default, on PowerShell 7+ the function analyzes applications in parallel (ForEach-Object -Parallel) to speed up processing; on PowerShell 5.1 it always runs sequentially. 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ThrottleLimit

(Optional) Maximum number of concurrent runspaces when running in parallel. Default is 5. Keep this value moderate to avoid Microsoft Graph throttling (HTTP 429). 
Type: Int32
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: 5
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

https://ps365.clidsys.com/docs/commands/Get-MgApplicationAssignment