Azure Question posted in
The official documentation to get you started can be found here.

Azure – EntraID Graph Query – Filter Applications with at least one owner

I am trying to filter out EntraID applications which has at least one owner assigned.

As per the Microsoft documentation, Owners supports filter based on count.

Directory objects that are owners of the application. Read-only. Nullable. Supports $expand, $filter (/$count eq 0, /$count ne 0, /$count eq 1, /$count ne 1), and $select nested in $expand.

Here is the query I am trying. Appreciate any help on this.

Cheers !

Tags:

2

Answers


  1. 0

    It seems that this cannot be achieved with one request, two requests are required

    ## step 1: get graph token

$tenantId           = ""
$clientId           = ""
$clientSecret       = ""

$headers = @{
    "Content-Type" = "application/x-www-form-urlencoded"
}

$uri = "https://login.microsoftonline.com/{0}/oauth2/v2.0/token" -f $tenantId

$body = @{
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
    client_id     = $clientId
    client_secret = $clientSecret
}

$token = $(Invoke-RestMethod -Method Post -Uri $uri -Body $body -Headers $headers).access_token

## step 2:  list all applications

$headers2 = @{
    "Content-Type" = "application/json"
    "Authorization" = "Bearer " + $token
}

$allAppIdUri = "https://graph.microsoft.com/v1.0/applications"

$allAppId = Invoke-RestMethod -Method Get -Uri $allAppIdUri -Headers $headers2

## step 3: foreach all the applications and find out the owner details

$owners = @()

foreach($item in $allAppId.value){

    $ownerUri = "https://graph.microsoft.com/v1.0/applications/{0}/owners" -f $item.id
    $res = Invoke-RestMethod -Method Get -Uri $ownerUri -Headers $headers2
    
    if($($null -ne $res.value) -and $($res.value.Count -gt 1)){
        $tmp = @{
            id          = $item.id
            name        = $item.displayName
            owners      = $res.value
            onwersCount = $res.value.Count
        }
        $owners += $tmp
    }
}
$owners | Format-Table

    enter image description here

    Login or Signup to reply.
  2. 0

    Filtering will work, but you need to add the request header ConsistencyLevel with the value eventual and the query must contain $count=true parameter.

    Applications with at least one owner

    GET https://graph.microsoft.com/v1.0/applications?$filter=owners/$count ne 0&$count=true&$select=id,displayName
ConsistencyLevel:eventual

    When filtering applications by the number of owners, you can’t expand owners (expand and filter on owners is not supported in one query)

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search