Manage Azure AD Enterprise Apps with PowerShell
Create, add, update, remove and otherwise manage Azure Active Directory enterprise applications (service principals) and their application registrations with the AzureAD PowerShell module, either interactively or from scripts.
Connect to Azure AD
Before you start, connect to Azure AD with the AzureAD module so the cmdlets below can read and change enterprise applications. The account you sign in with needs a directory role that can manage applications (for example Application Administrator or Cloud Application Administrator); the read-only commands work with lower privilege. Note that Microsoft has deprecated the AzureAD module in favour of the Microsoft Graph PowerShell SDK, so the commands on this page apply where the AzureAD module is still installed.
PowerShell Command: Connect-AzureAD
If the connection succeeds, the cmdlet prints the account, tenant ID and tenant domain and does not throw an error.
Get the Count of Azure AD Application Registrations
PowerShell Command: (Get-AzureADApplication -All $true).count
Command returns the number of application registrations (application objects) in the tenant. Note that Get-AzureADApplication returns application registrations, not enterprise applications; the enterprise applications are the service principals counted by the next command. Without -All $true the cmdlet returns only the first page of results (100 by default), so the count would be capped at 100.
Get the Count of Azure AD Service Principals (Enterprise Applications)
PowerShell Command: (Get-AzureADServicePrincipal -All $true).count
Command returns the number of service principals in the tenant, which is what the Azure portal lists under Enterprise Applications. This includes the service principals of Microsoft first-party and gallery applications, not only the applications your organisation registered itself.
Get the Azure AD Application Registration by Display Name
PowerShell Command: Get-AzureADApplication -Filter "DisplayName eq 'Terraform Service Account'"
Command returns the ObjectId, AppId and DisplayName of each matching application registration. Display names are not unique, so the command can return several objects. To query the enterprise application (service principal) instead, use Get-AzureADServicePrincipal with the same -Filter.
Get the Azure AD Application Registration by App Id
PowerShell Command: Get-AzureADApplication -Filter "AppId eq 'xxxxxxxx-xxxx-xxxx-xxxx-xxxx68faxxxx'"
Command returns the ObjectId, AppId and DisplayName. The AppId (client ID) is shared by the application registration and its service principal, so it is the most reliable key for matching the two.
Get the Azure AD Application Registration by ObjectId
PowerShell Command: Get-AzureADApplication -ObjectId 'xxxx31a4-xxxx-xxxx-xxxx-0920ea70xxxx'
Command returns the ObjectId, AppId and DisplayName. The application registration and its service principal have different ObjectIds; the ObjectId shown on the Enterprise Applications blade belongs to the service principal and must be used with Get-AzureADServicePrincipal, not with Get-AzureADApplication.
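The lookups above take three different identifiers and silently accept ambiguous display names. The function below is an added example, not code from the original page: it resolves one enterprise application (service principal) from a display name, an AppId or a service-principal ObjectId, escapes the display name for the OData filter, and refuses to continue when a name matches more than one object. It assumes an active Connect-AzureAD session; the function name Resolve-EnterpriseApp is chosen here and is not an AzureAD module cmdlet.

```powershell
# Added example, not part of the original page: resolve one enterprise application
# (service principal) from a display name, an AppId or a service-principal ObjectId.
# Assumes an active Connect-AzureAD session. The function name Resolve-EnterpriseApp
# is chosen here and is not an AzureAD module cmdlet.
function Resolve-EnterpriseApp {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Identity
    )

    $guid = [guid]::Empty
    if ([guid]::TryParse($Identity, [ref]$guid)) {
        # A GUID may be either the service principal's ObjectId or the AppId.
        # Try ObjectId first; the cmdlet throws when no such object exists.
        $sp = $null
        try   { $sp = Get-AzureADServicePrincipal -ObjectId $Identity }
        catch { $sp = $null }
        if (-not $sp) {
            $sp = Get-AzureADServicePrincipal -Filter "AppId eq '$Identity'"
        }
    }
    else {
        # OData string literals are single-quoted; double any quote in the name so a
        # display name such as O'Brien Portal does not break (or inject into) the filter.
        $escaped = $Identity -replace "'", "''"
        $sp = Get-AzureADServicePrincipal -All $true -Filter "DisplayName eq '$escaped'"
    }

    $found = @($sp)
    if ($found.Count -eq 0) {
        throw "No service principal matches '$Identity'. If only the app registration exists, check Get-AzureADApplication."
    }
    if ($found.Count -gt 1) {
        # Display names are not unique; refuse to guess rather than act on the wrong app.
        $appIds = ($found | ForEach-Object { $_.AppId }) -join ', '
        throw "'$Identity' matches $($found.Count) service principals (AppIds: $appIds). Use an AppId or ObjectId."
    }
    return $found[0]
}

# Usage:
# Resolve-EnterpriseApp 'Terraform Service Account' | Select-Object DisplayName, AppId, ObjectId, AccountEnabled
```

Use the returned object's ObjectId with Set-AzureADServicePrincipal; because the function throws on zero or multiple matches, a script that calls it cannot accidentally disable or enable the wrong application when two apps share a name.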
Find the Azure AD Deleted Applications
PowerShell Command: Get-AzureADDeletedApplication
Command returns the list of recently deleted application registrations that are still in the recycle bin; one of them can be restored with Restore-AzureADDeletedApplication -ObjectId followed by its ObjectId.
Add Custom Logo to Azure AD Application
PowerShell Command: Set-AzureADApplicationLogo -ObjectId '_add_app_object_id_here' -FilePath "_add_app_logo_path_here"
Example Command: Set-AzureADApplicationLogo -ObjectId 'xxxx31a4-xxxx-xxxx-xxxx-0920ea70xxxx' -FilePath "C:/AppLogo.jpg"
The ObjectId here is the application registration's ObjectId, and the file is an image on the machine running PowerShell.
Disable User Sign In on a Single Azure Enterprise Application
Setting AccountEnabled to false on the service principal stops users from signing in to the application and stops new tokens being issued for it; tokens issued before the change remain valid until they expire. If the application registration exists but no service principal does yet, the script creates the service principal already disabled, so the application cannot be used the moment it is first consented to.
PowerShell Script:
    # The AppId (client ID) of the Enterprise Application to be disabled
    $appId = "_add_app_id_here"
    # Look up the service principal by AppId; AppId is unique, so at most one object is returned
    $servicePrincipal = Get-AzureADServicePrincipal -Filter "AppId eq '$appId'"
    if ($servicePrincipal) {
        # Service principal exists already, disable it
        Set-AzureADServicePrincipal -ObjectId $servicePrincipal.ObjectId -AccountEnabled $false
    }
    else {
        # Service principal does not yet exist, create it and disable it at the same time
        $servicePrincipal = New-AzureADServicePrincipal -AppId $appId -AccountEnabled $false
    }
Disable User Sign In on Multiple Azure Enterprise Applications
The CSV file is expected to have an AppName column holding the display name of each enterprise application; rows whose AppName is "Deleted" are skipped. Because display names are not unique, the script refuses to act when a name matches more than one service principal. When no service principal exists yet, the AppId needed to create one is not known from the name alone, so the script looks up the application registration with the same display name and creates the service principal from its AppId.
PowerShell Script:
    $AzureEAppsData = Import-Csv .\DataDownload.csv
    $Count = 0
    foreach ($EApp in $AzureEAppsData) {
        $Count += 1
        Write-Output "$Count"
        $EAppName = $EApp.AppName
        if ($EAppName -eq "Deleted") {
            Write-Output "EApp already deleted!"
            Write-Output "--------------------------------------------------------------------"
            continue
        }
        # Double any single quote so the display name is a valid OData string literal
        $EAppFilterName = $EAppName -replace "'", "''"
        $EAppData = @(Get-AzureADServicePrincipal -All $true -Filter "DisplayName eq '$EAppFilterName'")
        if ($EAppData.Count -gt 1) {
            Write-Warning "'$EAppName' matches $($EAppData.Count) service principals; skipping. Use the AppId instead."
        }
        elseif ($EAppData.Count -eq 1) {
            # Service principal exists already, disable it
            $EAppId = $EAppData[0].AppId
            $EAppObjectID = $EAppData[0].ObjectId
            $EAppDisplayName = $EAppData[0].DisplayName
            Write-Output "EAppName : $EAppDisplayName ; EAppId: $EAppId ; EAppObjectId: $EAppObjectID"
            Set-AzureADServicePrincipal -ObjectId $EAppObjectID -AccountEnabled $false
        }
        else {
            # No service principal yet: the AppId must come from the application registration
            $EAppReg = @(Get-AzureADApplication -All $true -Filter "DisplayName eq '$EAppFilterName'")
            if ($EAppReg.Count -eq 1) {
                # Create the service principal and disable it at the same time
                $EAppData = New-AzureADServicePrincipal -AppId $EAppReg[0].AppId -AccountEnabled $false
                Write-Output "EAppName : $($EAppData.DisplayName) ; EAppId: $($EAppData.AppId) ; EAppObjectId: $($EAppData.ObjectId)"
            }
            else {
                Write-Warning "'$EAppName': found $($EAppReg.Count) application registrations and no service principal; skipping."
            }
        }
        Write-Output "--------------------------------------------------------------------"
    }
Enable User Sign Ins on a Single Azure Enterprise Application
PowerShell Script:
    $EAppName = "Terraform Service Account"
    # Look up the service principal by display name (use an AppId filter instead if the name is not unique)
    $EAppData = Get-AzureADServicePrincipal -Filter "DisplayName eq '$EAppName'"
    $EAppId = $EAppData.AppId
    $EAppObjectID = $EAppData.ObjectId
    $EAppDisplayName = $EAppData.DisplayName
    Write-Output "Enabling sign-in for $EAppDisplayName ($EAppId)"
    # Re-enable user sign-in on the service principal
    Set-AzureADServicePrincipal -ObjectId $EAppObjectID -AccountEnabled $true
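The enable and disable scripts above change state but never read it back. The following added example, which is not code from the original page, audits every enterprise application whose user sign-in is currently disabled (with its owners, so the change can be traced) and verifies that a given AppId ended up in the expected state. It assumes an active Connect-AzureAD session; both function names are chosen here and are not AzureAD module cmdlets.

```powershell
# Added example, not part of the original page: audit which enterprise applications
# currently have user sign-in disabled, and verify a single app's state after one of
# the enable/disable scripts has run. Assumes an active Connect-AzureAD session;
# the two function names are chosen here and are not AzureAD module cmdlets.

function Get-DisabledEnterpriseApps {
    # -All $true is required; otherwise only the first page of service principals is returned.
    Get-AzureADServicePrincipal -All $true |
        Where-Object { [string]$_.AccountEnabled -eq 'False' } |
        ForEach-Object {
            $owners = Get-AzureADServicePrincipalOwner -ObjectId $_.ObjectId -All $true
            [pscustomobject]@{
                DisplayName          = $_.DisplayName
                AppId                = $_.AppId
                ObjectId             = $_.ObjectId
                ServicePrincipalType = $_.ServicePrincipalType
                # Owners can be users or other service principals; fall back to DisplayName.
                Owners = ($owners | ForEach-Object {
                    if ($_.UserPrincipalName) { $_.UserPrincipalName } else { $_.DisplayName }
                }) -join '; '
            }
        }
}

function Test-EnterpriseAppSignIn {
    param(
        [Parameter(Mandatory)][string]$AppId,
        [Parameter(Mandatory)][bool]$ExpectedEnabled
    )
    $sp = Get-AzureADServicePrincipal -Filter "AppId eq '$AppId'"
    if (-not $sp) { throw "No service principal found for AppId $AppId" }

    # The module may surface AccountEnabled as the string 'True'/'False' rather than a
    # [bool]; [bool]'False' evaluates to $true, so compare the string form instead.
    $actual = ([string]$sp.AccountEnabled -eq 'True')
    if ($actual -ne $ExpectedEnabled) {
        throw "$($sp.DisplayName) ($AppId): AccountEnabled is $actual, expected $ExpectedEnabled"
    }
    Write-Output "$($sp.DisplayName) ($AppId): AccountEnabled = $actual (as expected)"
}

# Usage:
# Get-DisabledEnterpriseApps | Format-Table DisplayName, AppId, ServicePrincipalType, Owners
# Test-EnterpriseAppSignIn -AppId '_add_app_id_here' -ExpectedEnabled $false
```

Run Test-EnterpriseAppSignIn immediately after a disable or enable script, with the same AppId, so a silent failure (for example a filter that matched nothing) is caught rather than discovered later; the string comparison on AccountEnabled avoids the [bool] cast pitfall where the string 'False' would otherwise read as enabled.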