SYNOPSIS

Retrieves all Entra ID applications configured for SCIM provisioning.

SYNTAX

All (Default)

Get-MgApplicationSCIM [-ForceNewToken] [-ExportToExcel] [-RunFromAzureAutomation]
 [-NotificationRecipient <String>] [-NotificationSender <String>] [-ProgressAction <ActionPreference>]
 [<CommonParameters>]

ByObjectId

Get-MgApplicationSCIM [-ObjectID <String>] [-ForceNewToken] [-ExportToExcel] [-RunFromAzureAutomation]
 [-NotificationRecipient <String>] [-NotificationSender <String>] [-ProgressAction <ActionPreference>]
 [<CommonParameters>]

ByDisplayName

Get-MgApplicationSCIM [-DisplayName <String>] [-ForceNewToken] [-ExportToExcel] [-RunFromAzureAutomation]
 [-NotificationRecipient <String>] [-NotificationSender <String>] [-ProgressAction <ActionPreference>]
 [<CommonParameters>]

DESCRIPTION

This function returns a list of all Entra ID applications with SCIM provisioning enabled, along with their synchronization job details and settings.

EXAMPLES

EXAMPLE 1

$scimApps = Get-MgApplicationSCIM
Retrieves all Entra ID applications with SCIM provisioning enabled.

EXAMPLE 2

Get-MgApplicationSCIM -ForceNewToken
Forces the function to disconnect and reconnect to Microsoft Graph to obtain a new access token.

EXAMPLE 3

Get-MgApplicationSCIM -ExportToExcel
Exports the SCIM configuration details to an Excel file.

EXAMPLE 4

Get-MgApplicationSCIM -ObjectID "xxx-xxx-xxx"
Retrieves the SCIM configuration for a specific application by its ObjectID.

EXAMPLE 5

Get-MgApplicationSCIM -RunFromAzureAutomation -NotificationRecipient 'admin@company.com' -NotificationSender 'automation@company.com'
Gets all SCIM provisioning jobs using managed identity and sends a health report for apps with synchronization issues.

PARAMETERS

-ObjectID

(Optional) Retrieves the SCIM configuration for a specific application by its ObjectID.
Type: String
Parameter Sets: ByObjectId
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DisplayName

(Optional) Retrieves the SCIM configuration for a specific application by its DisplayName.
Type: String
Parameter Sets: ByDisplayName
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ForceNewToken

(Optional) Forces the function to disconnect and reconnect to Microsoft Graph to obtain a new access token.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ExportToExcel

(Optional) If specified, exports the results to an Excel file in the user’s profile directory.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-RunFromAzureAutomation

(Optional) If specified, uses managed identity authentication instead of interactive authentication. This is useful when running the script in Azure environments like Azure Functions, Logic Apps, or VMs with managed identity enabled. When this parameter is used, NotificationRecipient and NotificationSender are required.

PowerShell modules used in Azure Automation must be at most version 2.25.0 when using PowerShell < 7.4.0, because starting from version 2.26.0, PowerShell 7.4.0 is required, and Azure Automation does not support it yet as of February 2026. For PowerShell 7.4.0+, there are no version restrictions. See:
https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/3147
https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/3151
https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/3166
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
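
A pre-flight check for the version constraint described above, written as an added example (not code from this module). `Test-GraphModuleCompat` is a hypothetical helper name; the two module names are the ones this page lists as requirements, and the e-mail addresses are the sample values from EXAMPLE 5.

```powershell
# Added example: verify the Graph module / PowerShell version pairing before
# calling Get-MgApplicationSCIM -RunFromAzureAutomation in a runbook.
# Test-GraphModuleCompat is a hypothetical helper, not part of the module.
function Test-GraphModuleCompat {
    [CmdletBinding()]
    param(
        # Left untyped so it works with both System.Version (5.1) and SemanticVersion (7.x)
        $PSVersion = $PSVersionTable.PSVersion,
        [string[]]$ModuleName = @('Microsoft.Graph.Authentication', 'Microsoft.Graph.Applications')
    )

    foreach ($name in $ModuleName) {
        # The newest installed version is the one Import-Module loads by default
        $module = Get-Module -ListAvailable -Name $name |
            Sort-Object Version -Descending |
            Select-Object -First 1

        # Below PowerShell 7.4.0 the modules must be 2.25.0 or lower
        $status = if (-not $module) { 'Missing' }
                  elseif ($PSVersion -lt '7.4.0' -and $module.Version -gt '2.25.0') { 'TooNew' }
                  else { 'OK' }

        [pscustomobject]@{
            Module    = $name
            Installed = $module.Version
            PSVersion = $PSVersion
            Status    = $status
        }
    }
}

$check = Test-GraphModuleCompat
Write-Output ($check | Format-Table -AutoSize | Out-String)

# Stop the runbook early instead of failing later at module import or token acquisition
if ($check.Status -contains 'Missing' -or $check.Status -contains 'TooNew') {
    throw 'Graph modules do not match this PowerShell version: use 2.25.0 or lower, or run on PowerShell 7.4.0+.'
}

# Both notification parameters are required together with -RunFromAzureAutomation
Get-MgApplicationSCIM -RunFromAzureAutomation `
    -NotificationRecipient 'admin@company.com' `
    -NotificationSender 'automation@company.com'
```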

-NotificationRecipient

(Required when RunFromAzureAutomation is enabled) Email address to receive synchronization health notifications.
Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-NotificationSender

(Required when RunFromAzureAutomation is enabled) Email address of the sender for synchronization health notifications.
Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

LIMITATIONS: Group assignments are not retrieved because they are based on https://main.iam.ad.ext.azure.com.

This function requires the Microsoft.Graph.Applications and Microsoft.Graph.Authentication modules.

https://ps365.clidsys.com/docs/commands/Get-MgApplicationSCIM