I want to get a list of Azure AD Enterprise Applications configured for Single Sign On.

It is fairly easy to call Get-AzureAdApplication -All $true, however this list includes Service Principals.

In the properties of the Enterprise Application within the Azure Portal, I see that there is an Enabled for Users to Sign In toggle setting, however I do not see that property exposed via the results of the Get-AzureAdApplication.

How do I return a list of just the Enterprise Applications that have this toggle set to Yes?

codechurn

1 Answer

I don't know what you mean by getting just the Enterprise Applications without service principals. If you want to get the Enterprise Applications, you just need to use the command shown below:

Get-AzureADServicePrincipal -All $true

After running the command above, we can get the list of apps under Enterprise Applications in Azure Active Directory --> Enterprise applications (on the Azure portal). Here is a post which may help us to know more about the relationship between Azure registration apps, enterprise apps and service principals.

For the requirement of getting the Enterprise applications with "Enabled for users to sign-in" enabled, we can just use the command below:

Get-AzureADServicePrincipal -All $true | Where-Object { $_.AccountEnabled -eq $true }

Hope it helps~

Hury Shen
  • Thanks for the links; it helped me get a better understanding of the Application/ServicePrincipal/AppRegistration concepts. Let me clarify what I am after: I am looking to identify any AppRegistrations in our tenant which are configured for Single Sign On; specifically, I am looking for SAML-based SSO. I am assuming I can retrieve the list of AppRegistrations with a ReplyToUrls count > 0. Is there a way to list all of the AppRegistrations and the type of SSO they are facilitating? – codechurn Apr 15 '20 at 02:43
  • Hi @codechurn I'm afraid we can't get the list of registration apps with the filter of their SSO. – Hury Shen Apr 16 '20 at 06:22
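
An added example, not part of the original question, answer or comments: a PowerShell filter that narrows service principals to the entries the portal lists as Enterprise applications with sign-in enabled, optionally restricted to one SSO mode. It assumes Microsoft Graph's servicePrincipal properties (tags, preferredSingleSignOnMode) and the WindowsAzureActiveDirectoryIntegratedApp tag; the sample objects are constructed and Get-SsoEnterpriseApp is a hypothetical helper name.

```powershell
# Constructed sample objects shaped like Microsoft Graph servicePrincipal records.
# Assumption: in a live tenant the same properties come from
# Get-MgServicePrincipal -All (Microsoft.Graph.Applications module).
$sample = @(
    [pscustomobject]@{
        DisplayName = 'Contoso HR Portal'; AccountEnabled = $true
        ServicePrincipalType = 'Application'; PreferredSingleSignOnMode = 'saml'
        Tags = @('WindowsAzureActiveDirectoryIntegratedApp') }
    [pscustomobject]@{
        DisplayName = 'Contoso Legacy Wiki'; AccountEnabled = $false
        ServicePrincipalType = 'Application'; PreferredSingleSignOnMode = 'saml'
        Tags = @('WindowsAzureActiveDirectoryIntegratedApp') }
    [pscustomobject]@{
        DisplayName = 'Contoso Expenses'; AccountEnabled = $true
        ServicePrincipalType = 'Application'; PreferredSingleSignOnMode = 'password'
        Tags = @('WindowsAzureActiveDirectoryIntegratedApp') }
    [pscustomobject]@{
        DisplayName = 'build-agent-identity'; AccountEnabled = $true
        ServicePrincipalType = 'ManagedIdentity'; PreferredSingleSignOnMode = $null
        Tags = @() }
)

# Hypothetical helper: keep Enterprise applications with sign-in enabled,
# optionally restricted to one SSO mode ('saml', 'password', 'oidc', ...).
function Get-SsoEnterpriseApp {
    param(
        [Parameter(Mandatory)] [object[]] $ServicePrincipal,
        [string] $SsoMode
    )
    $ServicePrincipal |
        # Tag carried by entries shown under Enterprise applications (assumption).
        Where-Object { $_.Tags -contains 'WindowsAzureActiveDirectoryIntegratedApp' } |
        # Same check as the answer's filter: "Enabled for users to sign-in" = Yes.
        Where-Object { $_.AccountEnabled -eq $true } |
        # An empty -SsoMode means no restriction on SSO type.
        Where-Object { -not $SsoMode -or $_.PreferredSingleSignOnMode -eq $SsoMode } |
        Select-Object DisplayName, ServicePrincipalType, PreferredSingleSignOnMode
}

# All sign-in-enabled Enterprise applications, then only the SAML ones.
Get-SsoEnterpriseApp -ServicePrincipal $sample | Format-Table
Get-SsoEnterpriseApp -ServicePrincipal $sample -SsoMode 'saml' | Format-Table
```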