Reporting on Entra Application Proxy published applications – Graph PowerShell

I thought it would be a quick Google search to find a PowerShell script that gives a report on applications published via Entra application proxy, but I found only scripts (link1, link2, link3) using the AzureAD PowerShell module, so I decided to write a new version using Graph PowerShell.

The script:

#Requires -Modules Microsoft.Graph.Beta.Applications

# Delegated sign-in; per the documentation the connector group endpoints need Directory.ReadWrite.All
Connect-MgGraph -Scopes 'Directory.ReadWrite.All'

# All Application Proxy connector groups in the tenant
$AppProxyConnectorGroups = Get-MgBetaOnPremisePublishingProfileConnectorGroup -OnPremisesPublishingProfileId applicationproxy

$AppProxyPublishedApps = foreach ($connector in $AppProxyConnectorGroups) {
    # Applications assigned to this connector group
    Get-MgBetaOnPremisePublishingProfileConnectorGroupApplication -ConnectorGroupId $connector.Id -OnPremisesPublishingProfileId applicationproxy | ForEach-Object {
        # The published URLs are in the application's onPremisesPublishing property
        $onpremisesPublishingInfo = (Get-MgBetaApplication -ApplicationId $_.Id -Property onPremisesPublishing).OnPremisesPublishing
        [pscustomobject]@{
            DisplayName        = $_.DisplayName
            Id                 = $_.Id
            AppId              = $_.AppId
            ExternalURL        = $onpremisesPublishingInfo.ExternalUrl
            InternalURL        = $onpremisesPublishingInfo.InternalUrl
            ConnectorGroupName = $connector.Name
            ConnectorGroupId   = $connector.Id
        }
    }
}

$AppProxyPublishedApps

Some story

The Entra portal is still using the https://main.iam.ad.ext.azure.com/api/ApplicationProxy/ConnectorGroups endpoint to display the connector groups.

So the next step was to figure out if there are some Graph API equivalents. Google search: graph connectorgroups site:microsoft.com led me to this page: https://learn.microsoft.com/en-us/graph/api/connectorgroup-list?view=graph-rest-beta&preserve-view=true&tabs=http
From this point it was “easy” to follow the logic of previously linked scripts and “translate” AzureAD PowerShell commands to Graph PS.

Note: as per the documentation, the Directory.ReadWrite.All permission is required and only delegated permissions work.

As an alternative, I share the original script that did not use these commands from Microsoft.Graph.Beta.Applications:

# Delegated sign-in; per the documentation the connector group endpoints need Directory.ReadWrite.All
Connect-MgGraph -Scopes 'Directory.ReadWrite.All'

# All Application Proxy connector groups in the tenant
$AppProxyConnectorGroups = Invoke-MgGraphRequest -Uri 'https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorgroups' -Method GET

$AppProxyPublishedApps = foreach ($connector in $AppProxyConnectorGroups.value) {
    # Applications assigned to this connector group
    $publishedApps = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorgroups/$($connector.id)/applications" -Method GET
    foreach ($app in $publishedApps.value) {
        [PSCustomObject]@{
            DisplayName        = $app.DisplayName
            id                 = $app.id
            appId              = $app.appId
            ConnectorGroupName = $connector.name
            ConnectorGroupID   = $connector.id
        }
    }
}

$AppProxyReport = foreach ($publishedApp in $AppProxyPublishedApps) {
    # Fetch only the onPremisesPublishing property; the backtick keeps `$select` literal inside the string
    $onpremisesPublishingInfo = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/applications/$($publishedApp.id)?`$select=onpremisespublishing" -Method GET
    [PSCustomObject]@{
        DisplayName                = $publishedApp.DisplayName
        id                         = $publishedApp.id
        appid                      = $publishedApp.appId
        ConnectorGroupName         = $publishedApp.ConnectorGroupName
        ConnectorGroupID           = $publishedApp.ConnectorGroupID
        ExternalURL                = $onpremisesPublishingInfo.onPremisesPublishing.externalUrl
        InternalURL                = $onpremisesPublishingInfo.onPremisesPublishing.internalUrl
        externalAuthenticationType = $onpremisesPublishingInfo.onPremisesPublishing.externalAuthenticationType
    }
}

# Output the report
$AppProxyReport
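
One way to triage rows shaped like `$AppProxyReport` (an added example, not part of the original scripts): the hypothetical function `Get-AppProxyFinding` flags apps whose `externalAuthenticationType` is not `aadPreAuthentication` or whose internal URL is plain HTTP or unparsable. The sample rows and hostnames are constructed so the block runs offline.

```powershell
function Get-AppProxyFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$App
    )
    process {
        $findings = [System.Collections.Generic.List[string]]::new()

        # Anything other than aadPreAuthentication (e.g. passthru) means the
        # request reaches the backend without Entra pre-authentication.
        if ($App.externalAuthenticationType -ne 'aadPreAuthentication') {
            $findings.Add("Pre-authentication not enforced (externalAuthenticationType='$($App.externalAuthenticationType)')")
        }

        # Check the connector-to-backend hop: plain HTTP, or a URL that does not parse.
        $internal = $null
        if ([uri]::TryCreate([string]$App.InternalURL, [System.UriKind]::Absolute, [ref]$internal)) {
            if ($internal.Scheme -eq 'http') { $findings.Add('Internal URL uses plain HTTP') }
        }
        else {
            $findings.Add('Internal URL missing or unparsable')
        }

        # Emit a row only for apps with at least one finding.
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                DisplayName        = $App.DisplayName
                ExternalURL        = $App.ExternalURL
                ConnectorGroupName = $App.ConnectorGroupName
                Findings           = $findings -join '; '
            }
        }
    }
}

# Constructed sample rows with the same property names as $AppProxyReport.
$sampleReport = @(
    [pscustomobject]@{ DisplayName = 'Intranet'; ExternalURL = 'https://intranet-example.msappproxy.net/'; InternalURL = 'https://intranet.example.internal/'; ConnectorGroupName = 'Default'; externalAuthenticationType = 'aadPreAuthentication' }
    [pscustomobject]@{ DisplayName = 'LegacyHR'; ExternalURL = 'https://hr-example.msappproxy.net/'; InternalURL = 'http://hr01.example.internal/'; ConnectorGroupName = 'Default'; externalAuthenticationType = 'passthru' }
    [pscustomobject]@{ DisplayName = 'Orphaned'; ExternalURL = 'https://old-example.msappproxy.net/'; InternalURL = $null; ConnectorGroupName = 'DMZ'; externalAuthenticationType = 'aadPreAuthentication' }
)

# 'Intranet' yields no row; 'LegacyHR' and 'Orphaned' are reported.
$sampleReport | Get-AppProxyFinding | Format-List
```

Against a live tenant, pipe `$AppProxyReport` into the function instead of `$sampleReport`.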
