MicrosoftDocs / feedback

📢 docs.microsoft.com site feedback
https://learn.microsoft.com
Creative Commons Attribution 4.0 International

Get Azure AD Application Owner (Get-AzADApplicationOwner) #1339

Open JamesDLD opened 5 years ago

JamesDLD commented 5 years ago

Is your feature request related to a problem? Please describe.
Couldn't get Azure AD application owner(s) through the PowerShell module Az.Accounts (version 1.3.0).

Describe the solution you'd like
Would like to have a cmdlet called "Get-AzADApplicationOwner".

Describe alternatives you've considered
A property "Owner" of the Azure AD application when we use the cmdlet "Get-AzADApplication".

Additional context
As we can use Get-AzADApplication (Az.Accounts module) instead of Get-AzureADApplication (Azure AD module), why is there not a Get-AzADApplicationOwner (Az.Accounts module) cmdlet instead of Get-AzureADApplicationOwner (Azure AD module)?

welcome[bot] commented 5 years ago

Thank you for creating the issue! One of our team members will get back to you shortly with additional information.

sudeepku commented 5 years ago

@JamesDLD you can try Get-AzureADApplicationOwner -ObjectId; see details here: https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureadapplicationowner?view=azureadps-2.0

JamesDLD commented 5 years ago

@sudeepku Additional context: As we can use Get-AzADApplication (Az.Accounts module) instead of Get-AzureADApplication (Azure AD module), why is there not a Get-AzADApplicationOwner (Az.Accounts module) cmdlet instead of Get-AzureADApplicationOwner (Azure AD module)?

g0pinath commented 5 years ago

Same problem here, it's making it difficult for reporting. We can't go back to AzureRM module now, all other workbooks are now in Az.

g0pinath commented 5 years ago

@sudeepku Additional context: As we can use Get-AzADApplication (Az.Accounts module) instead of Get-AzureADApplication (Azure AD module), why is there not a Get-AzADApplicationOwner (Az.Accounts module) cmdlet instead of Get-AzureADApplicationOwner (Azure AD module)?

James - I ended up installing AzureAD module and I could use this cmdlet with Az module.

I think this command wasn't a part of AzureRm module to start with so may not come at all in Az.

https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureadapplicationowner?view=azureadps-2.0 module says AzureAD

I agree with your point though, why not Get-AzADApplicationOwner (Az.Accounts module) cmdlet instead of Get-AzureADApplicationOwner (Azure AD module)?

JamesDLD commented 5 years ago

Hello @g0pinath indeed both commands weren't part of the AzureRm module but as Get-AzADApplication became part of the Az module I am asking to go to the end of reasoning and publish the command Get-AzADApplicationOwner.

dixit2d commented 4 years ago

Is there any timeline for getting this API? Any other workaround to get the application owner for a registered application?

savas-guven commented 4 years ago

@RobdeJong, would love this request to be considered for addition to the AZ.Accounts module.

dvanackere-lpg commented 4 years ago

Same for us, the functions Get-AzADApplicationOwner/Set-AzADApplicationOwner would really simplify work for us. The workaround is to use the old Get/Set-AzureADApplicationOwner (need to perform Connect-AzureAD first and the module AzureAD does not seem to work in PowerShell 7).

andrewiankidd commented 4 years ago

I've just hit this too, want to be able to add the service principal I'm using as an owner to an AD app, however I can't use 'Add-AzureADApplicationOwner' and there is no modern replacement it seems.

+1

dorgrn commented 4 years ago

Until this gets picked up, you can also use Azure CLI: az ad app owner list --id [App Object Id]

https://docs.microsoft.com/en-us/cli/azure/ad/app/owner?view=azure-cli-latest

I'm not a part of the team, this was just helpful for me.

candidson commented 3 years ago

Any update regarding this? Is there a timeline which could be communicated?

kaiaschulz commented 3 years ago

Hi, since I had the same issue in the past we decided to use the Azure Graph API. In the end, the AZ. cmdlets are also using the Azure APIs, right? Advantages are that we don't care about AZ versions anymore and are more independent.

So, how can you easily get your AzureAD owned objects or owners of a specific AzureAD application?

Prerequisite is a bearer token which can be easily created and used with this code-snippet: https://github.com/JulianHayward/AzAPICall/blob/main/AzAPICall.ps1 Beginning Line 610 I successfully replaced and tested the code:

```powershell
# Only Az.Accounts is needed
Connect-AzAccount

# Create bearer token (helper from the AzAPICall.ps1 snippet linked above)
createBearerToken -targetEndPoint "MSGraphAPI"

# List the directory objects owned by the signed-in user and keep only applications
# https://docs.microsoft.com/en-us/graph/api/user-list-ownedobjects?view=graph-rest-1.0&tabs=http
$currentTask = "Getting all my AzureAD owned applications"
Write-Host "$currentTask"
$uri = "$(($htAzureEnvironmentRelatedUrls).($checkContext.Environment.Name).MSGraphUrl)/beta/me/ownedObjects"
$method = "GET"
$requestAllAzureAdOwnedObjects = ((AzAPICall -uri $uri -method $method -currentTask $currentTask))
$aadOwnedApplications = $requestAllAzureAdOwnedObjects | Where-Object { $_."@odata.type" -match "application" }

# List the owners of one application, addressed by its object ID
# https://docs.microsoft.com/en-us/graph/api/application-list-owners?view=graph-rest-1.0&tabs=http
$currentTask = "Getting all AzureAD application owner of specific application"
Write-Host "$currentTask"
$uri = "$(($htAzureEnvironmentRelatedUrls).($checkContext.Environment.Name).MSGraphUrl)/beta/applications/<AzureAD Application Object ID>/owners" #AzureAD Application Object ID
$method = "GET"
$requestAllAzureAdOwnerOfSpecificApp = ((AzAPICall -uri $uri -method $method -currentTask $currentTask))
$requestAllAzureAdOwnerOfSpecificApp.displayName
```

justengraves commented 3 years ago

Bump, would be convenient to have Get-AzADApplicationOwner as part of Az.Account or Az.Resources to more easily automate app registration auditing.

PinewoodNut commented 3 years ago

Running into the same issue. Please add Get-AzADApplicationOwner / Set-AzADApplicationOwner to Az.Account.

sgrinker303 commented 2 years ago

Are there any updates or ETA on when this might be possible with Get-AzADApplicationOwner? Missing features like this force flipping between modules and complicate scripting and other processes, or worse having to authenticate twice in both modules.

LockTar commented 2 years ago

I don't think it will come to the Az Module. Microsoft released a new PowerShell Module called Microsoft.Graph which will be the way forward. In this module the command is available. See the documentation for the Get-MgApplicationOwner command.
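
For the app-registration auditing use case raised in this thread, here is an added example (not code from any commenter or from Microsoft) built on the Get-MgApplicationOwner cmdlet of the Microsoft.Graph module. The function name Get-AppOwnerFinding, the finding labels and the sample objects are assumptions constructed for illustration; owners matter for review because an application owner can manage that application's credentials.

```powershell
# Added example. The classification runs offline on the constructed sample below;
# the live part (commented out) needs the Microsoft.Graph module.
function Get-AppOwnerFinding {
    param(
        [Parameter(Mandatory)] $Application,  # object with Id, AppId, DisplayName
        [object[]] $Owners                    # directory objects as returned by Get-MgApplicationOwner
    )
    # Normalise: an application without owners yields $null, not an empty array.
    $Owners = @($Owners | Where-Object { $_ })

    # Owner type and display name are carried in AdditionalProperties
    # ('@odata.type' looks like '#microsoft.graph.user').
    $types = @($Owners | ForEach-Object {
        $_.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', ''
    })

    $finding = if ($Owners.Count -eq 0) { 'NoOwner' }                      # nobody accountable
               elseif ($types -contains 'servicePrincipal') { 'ServicePrincipalOwner' }  # non-human owner, review
               else { 'OK' }

    [pscustomobject]@{
        DisplayName = $Application.DisplayName
        AppId       = $Application.AppId
        OwnerCount  = $Owners.Count
        Owners      = ($Owners | ForEach-Object { $_.AdditionalProperties['displayName'] }) -join '; '
        Finding     = $finding
    }
}

# Constructed sample data (hypothetical IDs and names), shaped like the cmdlet output.
$sampleApp = [pscustomobject]@{
    Id = '00000000-0000-0000-0000-000000000001'; AppId = '00000000-0000-0000-0000-0000000000aa'
    DisplayName = 'constructed-sample-app'
}
$sampleOwners = @(
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000002'
        AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.servicePrincipal'; displayName = 'constructed-pipeline-sp' } }
)
Get-AppOwnerFinding -Application $sampleApp -Owners $sampleOwners   # Finding: ServicePrincipalOwner
Get-AppOwnerFinding -Application $sampleApp -Owners $null           # Finding: NoOwner

# Live use against a tenant, read-only:
# Connect-MgGraph -Scopes 'Application.Read.All'
# Get-MgApplication -All | ForEach-Object {
#     Get-AppOwnerFinding -Application $_ -Owners (Get-MgApplicationOwner -ApplicationId $_.Id -All)
# } | Where-Object Finding -ne 'OK'
```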

LockTar commented 2 years ago

See for more information these articles and my comments beneath them: