The other day I tried (and failed) to find an easy way to query which applications were assigned to a specific Azure AD Application Proxy Connector Group. Of course if you only have a few applications, you can simply grind through each application in the Azure Portal and view the assignment (see screenshot below).
If, on the other hand, you have a large number of applications, grinding through each application individually will be more than a little frustrating. As always, Powershell offers a simpler way to get the result you need.
There are a couple of cmdlets that at first look appear to be very helpful: Get-AzureADApplicationProxyApplication and AzureADApplicationProxyApplicationConnectorGroup. Unfortunately, these are quite limited in their scope. What I was looking for was a cmdlet that would give me all the applications that use the Azure AD Application Proxy and include the relevant connector in the output. Those two cmdlets can’t do that. This is the closest I could get.
$proxyapps = Get-AzureADApplication | ? {$_.Homepage -match “msappproxy.net”}
foreach ($proxyapp in $proxyapps) {
$cgroup = (Get-AzureADApplicationProxyApplicationConnectorGroup -ObjectId $proxyapp.ObjectID).Name
Write-Host “Application Proxy app $($proxyapp.Displayname) uses Connector Group: $cgroup”
} #end
Yes, it’s a bit of kludge! If you have a cleaner method then please leave a comment. I’d love to know.
Awesome thanks Tony
Pingback: Reporting on Entra Application Proxy published applications – Graph PowerShell | F12