Skip to content

Commit 52f36f7

Browse files
Example improvements and additions (#1459)
1 parent a76240d commit 52f36f7

2 files changed

Lines changed: 184 additions & 14 deletions

File tree

module/docs/entra-powershell-beta/Applications/Get-EntraBetaApplication.md

Lines changed: 92 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,40 @@ test adms2 iiiiiiii-aaaa-bbbb-cccc-jjjjjjjjjjjj jjjjjjjj-bbbb-cccc-dddd
9494

9595
This example demonstrates how to get all applications from Microsoft Entra ID.
9696

97-
### Example 3: Get applications with expiring secrets in 30 days
97+
### Example 3: Get all applications without owners (ownerless applications)
98+
99+
```powershell
100+
Connect-Entra -Scopes 'Application.Read.All'
101+
$apps = Get-EntraBetaApplication -All
102+
$appsWithoutOwners = @()
103+
foreach ($app in $apps) {
104+
try {
105+
$owners = Get-EntraBetaApplicationOwner -ApplicationId $app.Id
106+
if (-not $owners) {
107+
$appsWithoutOwners += $app
108+
}
109+
}
110+
catch {
111+
Write-Warning "Failed to check owners for app: $($app.DisplayName)"
112+
}
113+
114+
# Optional: throttle to avoid rate limits (especially in large tenants)
115+
#Start-Sleep -Milliseconds 100
116+
}
117+
$appsWithoutOwners | Select-Object DisplayName, Id, AppId
118+
```
119+
120+
```Output
121+
DisplayName Id AppId
122+
----------- -- -----
123+
Contoso HR App aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc
124+
Contoso Helpdesk App cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eeeeeeeeeeee
125+
Contoso Helpdesk App eeeeeeee-6666-7777-8888-ffffffffffff hhhhhhhh-9999-aaaa-bbbb-iiiiiiiiiiii
126+
```
127+
128+
This example demonstrates how to get all applications without owners from Microsoft Entra ID.
129+
130+
### Example 4: Get applications with expiring secrets in 30 days
98131

99132
```powershell
100133
$expirationThreshold = (Get-Date).AddDays(30)
@@ -123,7 +156,7 @@ Helpdesk Application dddddddd-5555-6666-7777-eeeeeeeeeeee Helpdesk Password
123156

124157
This example retrieves applications with expiring secrets within 30 days.
125158

126-
### Example 4: Get applications with expiring certificates in 30 days
159+
### Example 5: Get applications with expiring certificates in 30 days
127160

128161
```powershell
129162
$expirationThreshold = (Get-Date).AddDays(30)
@@ -152,7 +185,7 @@ Helpdesk Application dddddddd-5555-6666-7777-eeeeeeeeeeee My cert
152185

153186
This example retrieves applications with expiring certificates within 30 days.
154187

155-
### Example 5: Get an application by display name
188+
### Example 6: Get an application by display name
156189

157190
```powershell
158191
Connect-Entra -Scopes 'Application.Read.All'
@@ -167,7 +200,7 @@ ToGraph_443DEMO cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eee
167200

168201
In this example, we retrieve application by its display name from Microsoft Entra ID.
169202

170-
### Example 6: Search among retrieved applications
203+
### Example 7: Search among retrieved applications
171204

172205
```powershell
173206
Connect-Entra -Scopes 'Application.Read.All'
@@ -182,7 +215,7 @@ My new application 2 kkkkkkkk-cccc-dddd-eeee-llllllllllll llllllll-dddd-eeee-fff
182215

183216
This example demonstrates how to retrieve applications for specific string from Microsoft Entra ID.
184217

185-
### Example 7: Retrieve an application by identifierUris
218+
### Example 8: Retrieve an application by identifierUris
186219

187220
```powershell
188221
Connect-Entra -Scopes 'Application.Read.All'
@@ -191,7 +224,7 @@ Get-EntraBetaApplication -Filter "identifierUris/any(uri:uri eq 'https://wingtip
191224

192225
This example demonstrates how to retrieve applications by its identifierUris from Microsoft Entra ID.
193226

194-
### Example 8: List top 2 applications
227+
### Example 9: List top 2 applications
195228

196229
```powershell
197230
Connect-Entra -Scopes 'Application.Read.All'
@@ -207,7 +240,7 @@ ToGraph_443DEM cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777
207240

208241
This example shows how you can retrieve two applications. You can use `-Limit` as an alias for `-Top`.
209242

210-
### Example 9: List application app roles
243+
### Example 10: List application app roles
211244

212245
```powershell
213246
Connect-Entra -Scopes 'Application.Read.All'
@@ -225,6 +258,58 @@ AllowedMemberTypes Description DisplayName Id
225258

226259
This example shows how you can retrieve app roles for an application.
227260

261+
### Example 11: List application oauth2PermissionScopes (delegated permissions exposed by the app)
262+
263+
```powershell
264+
Connect-Entra -Scopes 'Application.Read.All'
265+
(Get-EntraBetaApplication -Filter "displayName eq 'Contoso Helpdesk Application'").Api.Oauth2PermissionScopes
266+
```
267+
268+
```Output
269+
AdminConsentDescription : Allows the app to read HR data on behalf of users.
270+
AdminConsentDisplayName : Read HR Data
271+
Id : bbbbbbbb-1111-2222-3333-cccccccccccc
272+
IsEnabled : True
273+
Origin :
274+
Type : User
275+
UserConsentDescription : Allows the app to read your HR data.
276+
UserConsentDisplayName : Read your HR data
277+
Value : HR.Read.All
278+
```
279+
280+
This example shows how you can retrieve `oauth2PermissionScopes` (i.e., delegated permissions exposed by the app) to a service principal. These scopes are part of the application object.
281+
282+
### Example 12: List applications and their secret details
283+
284+
```powershell
285+
Connect-Entra -Scopes 'Application.Read.All'
286+
Get-EntraBetaApplication -All -Property displayName, appId, passwordCredentials |
287+
Where-Object { $_.PasswordCredentials } |
288+
ForEach-Object {
289+
$app = $_
290+
foreach ($cred in $app.PasswordCredentials) {
291+
[PSCustomObject]@{
292+
DisplayName = $app.DisplayName
293+
AppId = $app.AppId
294+
PasswordCredentialsDisplayName = $cred.DisplayName
295+
PasswordCredentialStartDate = $cred.StartDate
296+
PasswordCredentialEndDate = $cred.EndDate
297+
}
298+
}
299+
} |
300+
Format-Table -AutoSize
301+
```
302+
303+
```Output
304+
DisplayName AppId PasswordCredentialsDisplayName PasswordCredentialStartDate PasswordCredentialEndDate
305+
----------- ----- ------------------------------ --------------------------- -------------------------
306+
Helpdesk Application gggggggg-6666-7777-8888-hhhhhhhhhhhh Helpdesk Application Password 8/20/2024 7:54:25 AM 11/18/2024 7:54:25 AM
307+
Helpdesk Application gggggggg-6666-7777-8888-hhhhhhhhhhhh Helpdesk Application Backend 8/7/2024 4:36:49 PM 2/3/2025 4:36:49 PM
308+
Contoso Automation App bbbbbbbb-1111-2222-3333-cccccccccccc AI automation Cred 5/3/2025 7:03:11 PM 5/3/2026 7:03:11 PM
309+
```
310+
311+
This example shows how you can retrieve applications that have secrets.
312+
228313
## Parameters
229314

230315
### -All

module/docs/entra-powershell-v1.0/Applications/Get-EntraApplication.md

Lines changed: 92 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,40 @@ test adms2 iiiiiiii-aaaa-bbbb-cccc-jjjjjjjjjjjj jjjjjjjj-bbbb-cccc-dddd
9494

9595
This example demonstrates how to get all applications from Microsoft Entra ID.
9696

97-
### Example 3: Get applications with expiring secrets in 30 days
97+
### Example 3: Get all applications without owners (ownerless applications)
98+
99+
```powershell
100+
Connect-Entra -Scopes 'Application.Read.All'
101+
$apps = Get-EntraApplication -All
102+
$appsWithoutOwners = @()
103+
foreach ($app in $apps) {
104+
try {
105+
$owners = Get-EntraApplicationOwner -ApplicationId $app.Id
106+
if (-not $owners) {
107+
$appsWithoutOwners += $app
108+
}
109+
}
110+
catch {
111+
Write-Warning "Failed to check owners for app: $($app.DisplayName)"
112+
}
113+
114+
# Optional: throttle to avoid rate limits (especially in large tenants)
115+
#Start-Sleep -Milliseconds 100
116+
}
117+
$appsWithoutOwners | Select-Object DisplayName, Id, AppId
118+
```
119+
120+
```Output
121+
DisplayName Id AppId
122+
----------- -- -----
123+
Contoso HR App aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc
124+
Contoso Helpdesk App cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eeeeeeeeeeee
125+
Contoso Helpdesk App eeeeeeee-6666-7777-8888-ffffffffffff hhhhhhhh-9999-aaaa-bbbb-iiiiiiiiiiii
126+
```
127+
128+
This example demonstrates how to get all applications without owners from Microsoft Entra ID.
129+
130+
### Example 4: Get applications with expiring secrets in 30 days
98131

99132
```powershell
100133
$expirationThreshold = (Get-Date).AddDays(30)
@@ -123,7 +156,7 @@ Helpdesk Application dddddddd-5555-6666-7777-eeeeeeeeeeee Helpdesk Password
123156

124157
This example retrieves applications with expiring secrets within 30 days.
125158

126-
### Example 4: Get applications with expiring certificates in 30 days
159+
### Example 5: Get applications with expiring certificates in 30 days
127160

128161
```powershell
129162
$expirationThreshold = (Get-Date).AddDays(30)
@@ -152,7 +185,7 @@ Helpdesk Application dddddddd-5555-6666-7777-eeeeeeeeeeee My cert
152185

153186
This example retrieves applications with expiring certificates within 30 days.
154187

155-
### Example 5: Get an application by display name
188+
### Example 6: Get an application by display name
156189

157190
```powershell
158191
Connect-Entra -Scopes 'Application.Read.All'
@@ -167,7 +200,7 @@ ToGraph_443DEMO cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eee
167200

168201
In this example, we retrieve application by its display name from Microsoft Entra ID.
169202

170-
### Example 6: Search among retrieved applications
203+
### Example 7: Search among retrieved applications
171204

172205
```powershell
173206
Connect-Entra -Scopes 'Application.Read.All'
@@ -182,7 +215,7 @@ My new application 2 kkkkkkkk-cccc-dddd-eeee-llllllllllll llllllll-dddd-eeee-fff
182215

183216
This example demonstrates how to retrieve applications for specific string from Microsoft Entra ID.
184217

185-
### Example 7: Retrieve an application by identifierUris
218+
### Example 8: Retrieve an application by identifierUris
186219

187220
```powershell
188221
Connect-Entra -Scopes 'Application.Read.All'
@@ -191,7 +224,7 @@ Get-EntraApplication -Filter "identifierUris/any(uri:uri eq 'https://wingtips.wi
191224

192225
This example demonstrates how to retrieve applications by its identifierUris from Microsoft Entra ID.
193226

194-
### Example 8: List top 2 applications
227+
### Example 9: List top 2 applications
195228

196229
```powershell
197230
Connect-Entra -Scopes 'Application.Read.All'
@@ -207,7 +240,7 @@ ToGraph_443DEM cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777
207240

208241
This example shows how you can retrieve two applications. You can use `-Limit` as an alias for `-Top`.
209242

210-
### Example 9: List application app roles
243+
### Example 10: List application app roles
211244

212245
```powershell
213246
Connect-Entra -Scopes 'Application.Read.All'
@@ -225,6 +258,58 @@ AllowedMemberTypes Description DisplayName Id
225258

226259
This example shows how you can retrieve app roles for an application.
227260

261+
### Example 11: List application oauth2PermissionScopes (delegated permissions exposed by the app)
262+
263+
```powershell
264+
Connect-Entra -Scopes 'Application.Read.All'
265+
(Get-EntraApplication -Filter "displayName eq 'Contoso Helpdesk Application'").Api.Oauth2PermissionScopes
266+
```
267+
268+
```Output
269+
AdminConsentDescription : Allows the app to read HR data on behalf of users.
270+
AdminConsentDisplayName : Read HR Data
271+
Id : bbbbbbbb-1111-2222-3333-cccccccccccc
272+
IsEnabled : True
273+
Origin :
274+
Type : User
275+
UserConsentDescription : Allows the app to read your HR data.
276+
UserConsentDisplayName : Read your HR data
277+
Value : HR.Read.All
278+
```
279+
280+
This example shows how you can retrieve `oauth2PermissionScopes` (i.e., delegated permissions exposed by the app) to a service principal. These scopes are part of the application object.
281+
282+
### Example 12: List applications and their secret details
283+
284+
```powershell
285+
Connect-Entra -Scopes 'Application.Read.All'
286+
Get-EntraApplication -All -Property displayName, appId, passwordCredentials |
287+
Where-Object { $_.PasswordCredentials } |
288+
ForEach-Object {
289+
$app = $_
290+
foreach ($cred in $app.PasswordCredentials) {
291+
[PSCustomObject]@{
292+
DisplayName = $app.DisplayName
293+
AppId = $app.AppId
294+
PasswordCredentialsDisplayName = $cred.DisplayName
295+
PasswordCredentialStartDate = $cred.StartDate
296+
PasswordCredentialEndDate = $cred.EndDate
297+
}
298+
}
299+
} |
300+
Format-Table -AutoSize
301+
```
302+
303+
```Output
304+
DisplayName AppId PasswordCredentialsDisplayName PasswordCredentialStartDate PasswordCredentialEndDate
305+
----------- ----- ------------------------------ --------------------------- -------------------------
306+
Helpdesk Application gggggggg-6666-7777-8888-hhhhhhhhhhhh Helpdesk Application Password 8/20/2024 7:54:25 AM 11/18/2024 7:54:25 AM
307+
Helpdesk Application gggggggg-6666-7777-8888-hhhhhhhhhhhh Helpdesk Application Backend 8/7/2024 4:36:49 PM 2/3/2025 4:36:49 PM
308+
Contoso Automation App bbbbbbbb-1111-2222-3333-cccccccccccc AI automation Cred 5/3/2025 7:03:11 PM 5/3/2026 7:03:11 PM
309+
```
310+
311+
This example shows how you can retrieve applications that have secrets.
312+
228313
## Parameters
229314

230315
### -All

0 commit comments

Comments
 (0)