Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method

opperska
June 30, 2023
293 views
0 votes
2 Answers

I am trying to retrieve app owners from Azure Portal App Registration under the Manifest using the Microsoft Graph API and REST Method via a PowerShell script. I am using a service principal account (client secret key), tenant, and client ID (app ID) to authenticate to the Graph API.

Here is the code for getting specific app info:

Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/applications?$filter=appId eq 'appIdhere'" -Headers $headers -Method GET

I am using the following request headers and body:

$requestBody = @{
"grant_type"    = "client_credentials"
"client_id"     = $clientId
"client_secret" = $clientSecret
"scope"         = "https://graph.microsoft.com/.default"
}

$headers = @{
Authorization = "Bearer $accessToken"
}

However, this code above works only on the graph. Please see the documentation below. (I used the /applications endpoint and it still works with the reference below)
Microsoft Graph API – List owners of a service principal

I want to use the URL mentioned above to access the application manifest under App Registration Azure Portal, but the URL retrieves all the applications from the Azure Portal instead of just the specified one from the URL when using Invoke-RestMethod from PowerShell ISE.

I would like to request assistance on how to retrieve specified information under this URL: "https://graph.microsoft.com/v1.0/applications?$filter=appId eq ‘f059f748-6b42-46ec-8d5b-23a0fee126ee’". Thank you in advance to those who will assist.

Answers

Chosen as BEST ANSWER
- opperska
- June 30, 2023 at 12:58 pm
- 0 votes
0
Updated: I've figured out what I am looking for.

To access the manifest data from the applications of App Registration on Azure Portal - you may use this url endpoint below.

https://graph.microsoft.com/v1.0/applications/ObjectIDofApphere/?=manifest

I am not so sure how I'd figured this out and I am looking for any reference for this endpoint above from the microsoft graph but it shows the manifest data of the application, be sure to put the objectID next to applications/

For the permissions, I do have these permissions below

(Edit)

- Sridevi
- June 29, 2023 at 7:57 am
- 0 votes
0
I registered one Azure AD Application and added API permissions like below:

Now, I added below users as Application owners for the Application:

To retrieve App Owners from Azure Portal App Registration under the Manifest using the Microsoft Graph API, you can use below query:
```
GET https://graph.microsoft.com/v1.0/applications/<AppID>/owners
```
To get the same results by invoking REST API using PowerShell, you can execute below script:
```
$requestbody = @{
    client_id = "ClientID"
    client_secret = "ClientSecret"
    scope = "https://graph.microsoft.com/.default"
    grant_type = 'client_credentials'
}
$AccessToken = Invoke-RestMethod -Uri "https://login.microsoftonline.com/TenantID/oauth2/v2.0/token" -Method Post -Body $requestbody
$token = $AccessToken.access_token
$query = "https://graph.microsoft.com/v1.0/applications/AppID/owners"
(Invoke-RestMethod -Headers @{Authorization = "Bearer $($token)"} -Uri $query -Method Get).value | select id
```
When I ran the script, I got the Object IDs of the Application owners in the response like below:

Reference:
List owners – Microsoft Graph v1.0 | Microsoft
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.