Skip to main content

SYNOPSIS

Retrieves all Entra ID applications and their assignment types.

SYNTAX

Get-MgApplicationAssignment [[-ApplicationId] <String[]>] [-AllApplications] [-AssignmentNotEnforced]
 [-AssignmentEmpty] [-ExportToExcel] [-ProgressAction <ActionPreference>] [<CommonParameters>]

DESCRIPTION

This function returns a list of all Entra ID applications with their assignment information, identifying whether they are assigned to all users or have specific assignments. If no assignments exist, it indicates whether the application is available to “all users”. Give information about assigned users, groups, or service principals and if the group is protected/static/dynamic.

EXAMPLES

EXAMPLE 1

Get-MgApplicationAssignment
Retrieves all applications and their assignment types.

EXAMPLE 2

Get-MgApplicationAssignment -ApplicationId "xxx", "yyy"
Retrieves assignment types for the specified application IDs.

EXAMPLE 3

Get-MgApplicationAssignment -AssignmentEmpty
Retrieves only applications with no specific user/group/service principal assignments.

EXAMPLE 4

Get-MgApplicationAssignment -ExportToExcel
Gets all applications and exports them to an Excel file

PARAMETERS

-ApplicationId

(Optional) One or more Application IDs to filter the results. If not provided, all applications will be processed. 
Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AllApplications

(Optional) If specified, retrieves all service principals regardless of type. By default, only Enterprise Applications (tagged ‘WindowsAzureActiveDirectoryIntegratedApp’) are returned. 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-AssignmentNotEnforced

(Optional) If specified, only applications where AppRoleAssignmentRequired is $false (open to all users, no assignment needed) will be returned. 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-AssignmentEmpty

(Optional) If specified, only applications with no specific user/group/service principal assignments will be returned. Note: these apps may still be accessible to all users if AppRoleAssignmentRequired is $false. 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ExportToExcel

(Optional) If specified, exports the results to an Excel file in the user’s profile directory. 
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

https://ps365.clidsys.com/docs/commands/Get-MgApplicationAssignment