Get-EntraBetaServicePrincipalAppRoleAssignment
Gets a service principal application role assignment.
Syntax
Get-EntraBetaServicePrincipalAppRoleAssignment
-ServicePrincipalId <String>
[-All]
[-Top <Int32>]
[-Property <String[]>]
[<CommonParameters>] Description
The Get-EntraBetaServicePrincipalAppRoleAssignment cmdlet gets a role assignment for a service principal application in Microsoft Entra ID.
For delegated scenarios, the calling user needs at least one of the following Microsoft Entra roles.
- Directory Synchronization Accounts
- Directory Writer
- Hybrid Identity Administrator
- Identity Governance Administrator
- Privileged Role Administrator
- User Administrator
- Application Administrator
- Cloud Application Administrator
Examples
Example 1: Retrieve the application role assignments for a service principal
Connect-Entra -Scopes 'Application.Read.All'
$servicePrincipal = Get-EntraBetaServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Get-EntraBetaServicePrincipalAppRoleAssignment -ServicePrincipalId $servicePrincipal.Id
Id AppRoleId CreationTimestamp PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName ResourceId
-- --------- ----------------- -------------------- ----------- ------------- ------------------- ----------
1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5 00000000-0000-0000-0000-000000000000 07-07-2023 17:03:59 MOD Administrator aaaaaaaa-bbbb-cccc-1111-222222222222 User ProvisioningPowerBi 021510b7-e753-40…This command gets application role assignments for specified service principal. You can use the command Get-EntraBetaServicePrincipal to get service principal Id.
-ServicePrincipalIdparameter specifies the service principal Id.
Example 2: Retrieve all application role assignments for a service principal
Connect-Entra -Scopes 'Application.Read.All'
$servicePrincipal = Get-EntraBetaServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Get-EntraBetaServicePrincipalAppRoleAssignment -ServicePrincipalId $servicePrincipal.Id -All
Id AppRoleId CreationTimestamp PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName ResourceId
-- --------- ----------------- -------------------- ----------- ------------- ------------------- ----------
1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5 00000000-0000-0000-0000-000000000000 07-07-2023 17:03:59 MOD Administrator aaaaaaaa-bbbb-cccc-1111-222222222222 User ProvisioningPowerBi 021510b7-e753-40…
2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6 00000000-0000-0000-0000-000000000000 07-07-2023 17:03:59 MOD Administrator aaaaaaaa-bbbb-cccc-1111-222222222222 User1 ProvisioningPowerBi 021510b7-e753-40…
3cccccc3-4dd4-5ee5-6ff6-7aaaaaaaaaa7 00000000-0000-0000-0000-000000000000 07-07-2023 17:03:59 MOD Administrator aaaaaaaa-bbbb-cccc-1111-222222222222 User2 ProvisioningPowerBi 021510b7-e753-40…
4dddddd4-5ee5-6ff6-7aa7-8bbbbbbbbbb8 00000000-0000-0000-0000-000000000000 07-07-2023 17:03:59 MOD Administrator aaaaaaaa-bbbb-cccc-1111-222222222222 User3 ProvisioningPowerBi 021510b7-e753-40…
5eeeeee5-6ff6-7aa7-8bb8-9cccccccccc9 00000000-0000-0000-0000-000000000000 07-07-2023 17:03:59 MOD Administrator aaaaaaaa-bbbb-cccc-1111-222222222222 User4 ProvisioningPowerBi 021510b7-e753-40…This command gets all application role assignments for specified service principal.
-ServicePrincipalIdparameter specifies the service principal Id.
Example 3: Retrieve the top three application role assignments for a service principal
Connect-Entra -Scopes 'Application.Read.All'
$servicePrincipal = Get-EntraBetaServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Get-EntraBetaServicePrincipalAppRoleAssignment -ServicePrincipalId $servicePrincipal.Id -Top 3
Id AppRoleId CreationTimestamp PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName ResourceId
-- --------- ----------------- -------------------- ----------- ------------- ------------------- ----------
1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5 00000000-0000-0000-0000-000000000000 07-07-2023 17:03:59 MOD Administrator aaaaaaaa-bbbb-cccc-1111-222222222222 User ProvisioningPowerBi 021510b7-e753-40…
2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6 00000000-0000-0000-0000-000000000000 07-07-2023 17:03:59 MOD Administrator aaaaaaaa-bbbb-cccc-1111-222222222222 User1 ProvisioningPowerBi 021510b7-e753-40…
3cccccc3-4dd4-5ee5-6ff6-7aaaaaaaaaa7 00000000-0000-0000-0000-000000000000 07-07-2023 17:03:59 MOD Administrator aaaaaaaa-bbbb-cccc-1111-222222222222 User2 ProvisioningPowerBi 021510b7-e753-40…This command gets top three application role assignments for specified service principal. You can use -Limit as an alias for -Top.
-ServicePrincipalIdparameter specifies the service principal Id.
Parameters
-All
List all pages.
| Type: | System.Management.Automation.SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Property
Specifies properties to be returned.
| Type: | System.String[] |
| Aliases: | Select |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ServicePrincipalId
Specifies the ID of a service principal in Microsoft Entra ID.
| Type: | System.String |
| Aliases: | ObjectId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Top
The maximum number of records to return.
| Type: | System.Int32 |
| Aliases: | Limit |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Notes
Get-EntraBetaServiceAppRoleAssignment is an alias for Get-EntraBetaServicePrincipalAppRoleAssignment.