Looking up the names of Microsoft first-party applications and Graph Permissions can be quite tricky.
Microsoft publishes a static list of the common app names in the "Verify first-party Microsoft applications in sign-in reports" doc.
There are a few problems with this.
- It is in markdown and is not easily consumable by scripts and KQL queries that need to perform lookups.
- It does not list all of the Microsoft apps that can be found through Microsoft Graph API.
With Graph Permissions, you need to authenticate with Microsoft Graph to get the list of application and delegate permissions. This is not always possible in a script or a KQL query.
This repository provides an up-to-date list of Microsoft first party apps and Graph Permissions that can be easily consumed by scripts.
Use the following URLs to consume this data in your scripts.
- First Party Apps
- Graph Permissions - App permissions
- Graph Permissions - Delegate permissions
This repository runs a daily automation to generate the latest list of Microsoft first-party applications. The sources of the data are:
- Microsoft Graph → $filter = appOwnerOrganizationId eq [MicrosoftTenant]
  - Run a query against a demo Microsoft 365 tenant and get a list of all the apps that belong to Microsoft.
- Microsoft Learn → Verify first-party Microsoft applications in sign-in reports
  - Parse the markdown from the tables in this Microsoft Learn doc.
- Community contributed app names → ./customdata/OtherMicrosoftApps.csv
  - App names contributed by the community to this repository. Submit a PR to add entries to this file.
If an app id exists in more than one list, the order of precedence for the app name is: Graph, Learn and then GitHub.
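The precedence rule above, as an added example (not this repository's own code): it merges the three sources so that the first name seen for an app ID wins, then resolves app IDs taken from sign-in records. The app IDs, app names, Learn table headers and CSV column names are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample inputs: placeholder app IDs and names, assumed column headers.
GRAPH_APPS = [{"appId": "11111111-1111-1111-1111-111111111111", "displayName": "Graph Name A"}]
LEARN_MD = """\
| Application Name | Application IDs |
|---|---|
| Learn Name A | 11111111-1111-1111-1111-111111111111 |
| Learn Name B | 22222222-2222-2222-2222-222222222222 |
"""
COMMUNITY_CSV = """\
AppId,AppDisplayName
22222222-2222-2222-2222-222222222222,Community Name B
CCCCCCCC-3333-3333-3333-333333333333,Community Name C
"""
GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")

def from_learn(markdown):
    """Return (app_id, name) pairs from a two-column markdown table."""
    rows = []
    for line in markdown.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) >= 2:
            rows.append((cells[1], cells[0]))  # header and separator rows fail the GUID check in merge()
    return rows

def from_csv(text):
    return [(r["AppId"], r["AppDisplayName"]) for r in csv.DictReader(io.StringIO(text))]

def merge(*sources):
    """sources are (label, rows) in precedence order; the first name seen per app ID wins."""
    merged = {}
    for label, rows in sources:
        for app_id, name in rows:
            key = app_id.strip().lower()  # GUIDs compare case-insensitively
            if GUID.match(key) and name.strip() and key not in merged:
                merged[key] = {"AppId": key, "AppDisplayName": name.strip(), "Source": label}
    return merged

def build_lookup():
    graph_rows = [(a["appId"], a["displayName"]) for a in GRAPH_APPS]
    return merge(("Graph", graph_rows), ("Learn", from_learn(LEARN_MD)), ("GitHub", from_csv(COMMUNITY_CSV)))

def app_name(lookup, app_id):
    """Resolve an app ID from a sign-in record; unknown IDs are flagged, never guessed."""
    hit = lookup.get(app_id.strip().lower())
    return hit["AppDisplayName"] if hit else "UNKNOWN (not in first-party list)"
```

Keeping the Source column in the merged output lets a reviewer see which list supplied each name when the sources disagree.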
Follow the steps below if you need to set up this automation in your own repo.
- Fork this repo
- Create an app in your tenant with the Application.Read.All app permission following the instructions on this page to configure Workload ID federation