
I'm trying to export all application configurations. To do that I used the following commands:

`Get-AzureADApplication`; `Get-AzureADServicePrincipal`; `Get-MgApplication`; `Get-MgServicePrincipal`.

With those, I get almost everything, but important information is missing:

  • When a SAML App has several IdentifierUris or ReplyUrls, I only get the list, not the one that is marked as "primary" in the Azure Portal (see here)
  • For OAuth Applications, I'm able to know if the app uses SPA, Native or Web Redirect Uris and if the app uses the Implicit Flow. But how would I know if the app uses Client Credentials (OAuth Services), or Authorization Code with PKCE?
  • For SAML Applications, I'm trying to retrieve the Claims & Attributes. When they are applied to the app with a "Claim mapping Policy", I'm able to do so. But when they are changed directly in the Azure Portal (see above), I do not retrieve that information:

Changing Attributes & Claims in the Azure Portal

Thanks for considering my request.

Absolvo_
  • What do you mean by "the one that is marked as "primary" in the Azure Portal"? I didn't see any of them marked as "primary". Could you provide a screenshot? Whether the app uses Client Credentials (OAuth Services), or Authorization Code with PKCE cannot be found with the OAuth Applications. – Allen Wu Apr 21 '21 at 02:32
  • I edited my post with a screenshot, thanks for your answer – Absolvo_ Apr 21 '21 at 07:37
  • Got it! Unfortunately the SAML app information you mentioned is not available in Azure AD PowerShell and MS Graph PowerShell. I tried to capture the request and it's using the `https://main.iam.ad.ext.azure.com/api` endpoint in the Azure portal. Similar question I answered here: https://stackoverflow.com/questions/65613441/azure-rest-call-to-get-enterprise-application-single-sign-on-information/65622868#65622868. – Allen Wu Apr 21 '21 at 08:01
  • So it means that I would need to call this endpoint? I do not find how to call it with the right headers. I've seen it being used here: https://o365blog.com/aadinternals/ – Absolvo_ Apr 21 '21 at 10:23
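As an added example (not code from the question or the answer), the following script shows how far the documented Microsoft Graph PowerShell cmdlet `Get-MgApplication` gets you for the OAuth part of the inventory: redirect URI types, implicit flow flags, public-client fallback, and registered secrets and certificates. It assumes the `Microsoft.Graph.Applications` module is installed and that the signed-in account has read-only `Application.Read.All` consent. It does not answer the SAML questions, and, in line with the comment above, it only reports what the registration makes *possible*: registered credentials mean the client-credentials grant could be used, and a public-client or SPA configuration means auth code with PKCE is expected, but neither proves which flow is actually exercised.

```powershell
# Added example: export app registrations with settings a security reviewer cares about.
# Assumes Microsoft.Graph.Applications is installed and Application.Read.All consent.
Connect-MgGraph -Scopes "Application.Read.All"

$report = foreach ($app in Get-MgApplication -All) {
    $implicit = $app.Web.ImplicitGrantSettings
    $secrets  = @($app.PasswordCredentials)
    $certs    = @($app.KeyCredentials)

    [pscustomobject]@{
        DisplayName        = $app.DisplayName
        AppId              = $app.AppId
        SignInAudience     = $app.SignInAudience
        IdentifierUris     = ($app.IdentifierUris -join ';')
        WebRedirectUris    = ($app.Web.RedirectUris -join ';')
        SpaRedirectUris    = ($app.Spa.RedirectUris -join ';')
        NativeRedirectUris = ($app.PublicClient.RedirectUris -join ';')
        # Implicit flow is on when either token type is issued from the /authorize endpoint
        ImplicitFlow       = [bool]($implicit.EnableAccessTokenIssuance -or $implicit.EnableIdTokenIssuance)
        # Fallback public client: no secret expected, so interactive sign-in uses auth code + PKCE
        PublicClient       = [bool]$app.IsFallbackPublicClient
        # Credentials make client-credentials possible; they do not prove the grant is used
        SecretCount        = $secrets.Count
        CertCount          = $certs.Count
        ExpiredSecrets     = @($secrets | Where-Object { $_.EndDateTime -lt (Get-Date) }).Count
    }
}

# Full export for offline review
$report | Export-Csv -Path .\app-registrations.csv -NoTypeInformation -Encoding UTF8

# Quick review views: implicit flow still enabled, and registrations carrying expired secrets
$report | Where-Object ImplicitFlow | Select-Object DisplayName, AppId, WebRedirectUris
$report | Where-Object { $_.ExpiredSecrets -gt 0 } | Select-Object DisplayName, AppId, ExpiredSecrets
```

The CSV gives you the per-app baseline the question is after for OAuth registrations; to confirm which grant a given app really uses you would have to correlate it with the tenant's sign-in logs, which this script does not touch.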

1 Answer

It is possible to retrieve some information with the following undisclosed Microsoft API: "https://main.iam.ad.ext.azure.com/api", especially most information for SAML Applications.

How to gain access to this hidden API is discussed here: https://www.lieben.nu/liebensraum/2020/04/calling-graph-and-other-apis-silently-for-an-mfa-enabled-account/

Absolvo_