
I want to have a list of all NON-Microsoft-Default service principals in my tenant, exclude all OOBE apps.

I can't find any property on a service principal object returned by either the Get-AzureADServicePrincipal PS cmdlet or the Graph API (graph.microsoft.com/beta/servicePrincipals) where I can tell whether it's a Microsoft default app or a custom one.

At first I thought it might be the tag property and I can filter on those which have the WindowsAzureActiveDirectoryIntegratedApp tag. But it turned out that it indicates whether the service principal is an enterprise app or not (application type).

Any ideas on which property to filter or which API to use?

Tim
  • What you said is contradictory, actually what do you want? `have a list of all NON-Microsoft-Default service principals` or list `filter for Microsoft applications`? – Joy Wang Sep 25 '19 at 02:40
  • You are absolutely right, I fixed my post, thanks for pointing that out. What I want is to exclude all default OOBE apps. – Tim Oct 02 '19 at 08:15

1 Answer


You can filter out based on appOwnerOrganizationId. For Microsoft-created applications, this parameter would be the same.

I tried using it with the Graph API:

https://graph.microsoft.com/beta/servicePrincipals

You can check what the default GUID is for MS-created apps and then put a filter in your query like **appOwnerOrganizationId != MSAppOwner Org Id**.

Try this and see if it helps.

Mohit Verma
  • First of all, thanks for your reply. I thought about that too, but that would also exclude every Microsoft app I might have granted on purpose later on. So not only the OOBE apps are excluded, but every Microsoft app will be excluded. The Azure Portal doesn't provide a way to filter for it either. Maybe it's just not possible. – Tim Sep 30 '19 at 09:50
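
The filter suggested in the answer above, applied client-side to a paged servicePrincipals listing; this is an added example, not code from either poster. Assumptions: `MS_OWNER_ORG_ID` is a constructed placeholder for the owner GUID observed on Microsoft-created apps, `fetch` is a hypothetical callable returning the parsed JSON of one page, and the sample pages are constructed. The Microsoft-owned group is returned rather than dropped because, as the comment notes, this property cannot separate preinstalled apps from Microsoft apps consented to later.

```python
# Added example: split service principals by appOwnerOrganizationId.
START_URL = "https://graph.microsoft.com/beta/servicePrincipals"
# Constructed placeholder: use the owner GUID seen on Microsoft-created apps.
MS_OWNER_ORG_ID = "aaaaaaaa-0000-0000-0000-000000000001"


def iter_service_principals(fetch, url=START_URL):
    """Yield every service principal, following @odata.nextLink paging."""
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")  # absent on the last page


def split_by_owner(principals, ms_owner_org_id):
    """Return (microsoft_owned, other). GUIDs are compared case-insensitively;
    a missing or null owner counts as 'other' so it stays visible for review."""
    ms = ms_owner_org_id.strip().lower()
    microsoft, other = [], []
    for sp in principals:
        owner = (sp.get("appOwnerOrganizationId") or "").strip().lower()
        (microsoft if owner == ms else other).append(sp)
    return microsoft, other


# Constructed sample pages standing in for two Graph responses.
NEXT_URL = START_URL + "?$skiptoken=constructed"
SAMPLE_PAGES = {
    START_URL: {
        "value": [
            {"displayName": "Sample First-Party App",
             "appOwnerOrganizationId": MS_OWNER_ORG_ID.upper()},
            {"displayName": "Contoso HR Sync",
             "appOwnerOrganizationId": "bbbbbbbb-0000-0000-0000-000000000002"},
        ],
        "@odata.nextLink": NEXT_URL,
    },
    NEXT_URL: {
        "value": [
            {"displayName": "Sample Managed Identity",
             "appOwnerOrganizationId": None},
            {"displayName": "Microsoft App Added On Purpose",
             "appOwnerOrganizationId": MS_OWNER_ORG_ID},
        ],
    },
}

if __name__ == "__main__":
    ms, other = split_by_owner(
        iter_service_principals(SAMPLE_PAGES.__getitem__), MS_OWNER_ORG_ID)
    print("Microsoft-owned:", [sp["displayName"] for sp in ms])
    print("Other:", [sp["displayName"] for sp in other])
```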