Documentation Index
Fetch the complete documentation index at: https://ps365.clidsys.com/llms.txt
Use this file to discover all available pages before exploring further.
SYNOPSIS
Retrieves all Entra ID applications configured for SCIM provisioning.
SYNTAX
All (Default)
Get-MgApplicationSCIM [-ExcludeAttributeMappings] [-IncludeFailedObjects] [-ForceNewToken] [-ExportToExcel]
[-RunFromAzureAutomation] [-NotificationRecipient <String>] [-NotificationSender <String>]
[-ProgressAction <ActionPreference>] [<CommonParameters>]
ByObjectId
Get-MgApplicationSCIM [-ObjectID <String>] [-ExcludeAttributeMappings] [-IncludeFailedObjects] [-ForceNewToken]
[-ExportToExcel] [-RunFromAzureAutomation] [-NotificationRecipient <String>] [-NotificationSender <String>]
[-ProgressAction <ActionPreference>] [<CommonParameters>]
ByDisplayName
Get-MgApplicationSCIM [-DisplayName <String>] [-ExcludeAttributeMappings] [-IncludeFailedObjects]
[-ForceNewToken] [-ExportToExcel] [-RunFromAzureAutomation] [-NotificationRecipient <String>]
[-NotificationSender <String>] [-ProgressAction <ActionPreference>] [<CommonParameters>]
DESCRIPTION
This function returns a list of all Entra ID applications with SCIM provisioning enabled,
along with their synchronization job details and settings.
EXAMPLES
EXAMPLE 1
$scimApps = Get-MgApplicationSCIM
EXAMPLE 2
Get-MgApplicationSCIM -ForceNewToken
EXAMPLE 3
Get-MgApplicationSCIM -ExportToExcel
EXAMPLE 4
Get-MgApplicationSCIM -ObjectID "xxx-xxx-xxx"
EXAMPLE 5
Get-MgApplicationSCIM -DisplayName "My App"
EXAMPLE 6
Get-MgApplicationSCIM -DisplayName "Azure*"
EXAMPLE 7
Get-MgApplicationSCIM -DisplayName "*Provisioning*"
EXAMPLE 8
Get-MgApplicationSCIM -RunFromAzureAutomation -NotificationRecipient 'admin@company.com' -NotificationSender 'automation@company.com'
PARAMETERS
-ObjectID
(Optional) Retrieves the SCIM configuration for a specific application by its ObjectID.
Type: String
Parameter Sets: ByObjectId
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-DisplayName
(Optional) Retrieves the SCIM configuration for a specific application by its DisplayName.
Supports wildcards (* and ?) for partial name matching (e.g.
“Azure*”, “Portal”).
Type: String
Parameter Sets: ByDisplayName
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ExcludeAttributeMappings
(Optional) If specified, skips the retrieval of the attribute mapping schema (ObjectMappings).
This speeds up execution significantly when mapping details are not needed.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-IncludeFailedObjects
(Optional) If specified, fetches the list of objects currently in error (escrowed) for each synchronization job via the provisioning audit logs API.
Requires the AuditLog.Read.All permission.
If connecting interactively, this scope is added automatically.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-ForceNewToken
(Optional) Forces the function to disconnect and reconnect to Microsoft Graph to obtain a new access token.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-ExportToExcel
(Optional) If specified, exports the results to an Excel file in the user’s profile directory.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-RunFromAzureAutomation
(Optional) If specified, uses managed identity authentication instead of interactive authentication.
This is useful when running the script in Azure environments like Azure Functions, Logic Apps, or VMs with managed identity enabled.
When this parameter is used, NotificationRecipient and NotificationSender are required.
PowerShell modules used in Azure Automation must be a MAXIMUM of version 2.25.0 when using PowerShell < 7.4.0, because starting from version 2.26.0, PowerShell 7.4.0 is required, and Azure Automation does not support it yet as of February 2026.
For PowerShell 7.4.0+, there are no version restrictions.
https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/3147
https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/3151
https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/3166
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-NotificationRecipient
(Required when RunFromAzureAutomation is enabled) Email address to receive synchronization health notifications.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-NotificationSender
(Required when RunFromAzureAutomation is enabled) Email address of the sender for synchronization health notifications.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
OUTPUTS
NOTES
LIMITATIONS
The groups assignments are not retrieved because based on https://main.iam.ad.ext.azure.com
This function requires the Microsoft.Graph.Applications and Microsoft.Graph.Authentication modules.
https://ps365.clidsys.com/docs/commands/Get-MgApplicationSCIM
