Report Azure AD Application Proxy Connector Group assignments

By | May 10, 2019

The other day I tried (and failed) to find an easy way to query which applications were assigned to a specific Azure AD Application Proxy Connector Group.  Of course if you only have a few applications, you can simply grind through each application in the Azure Portal and view the assignment (see screenshot below).

Connector in AAD App Proxy app

If, on the other hand, you have a large number of applications, grinding through each application individually will be more than a little frustrating.  As always, Powershell offers a simpler way to get the result you need.

There are a couple of cmdlets that at first look appear to be very helpful: Get-AzureADApplicationProxyApplication and AzureADApplicationProxyApplicationConnectorGroup.  Unfortunately, these are quite limited in their scope.  What I was looking for was a cmdlet that would give me all the applications that use the Azure AD Application Proxy and include the relevant connector in the output.  Those two cmdlets can’t do that.  This is the closest I could get.

$proxyapps = Get-AzureADApplication | ? {$_.Homepage -match “msappproxy.net”}
foreach ($proxyapp in $proxyapps) {
$cgroup = (Get-AzureADApplicationProxyApplicationConnectorGroup -ObjectId $proxyapp.ObjectID).Name
Write-Host “Application Proxy app $($proxyapp.Displayname) uses Connector Group: $cgroup”
} #end

Yes, it’s a bit of kludge!  If you have a cleaner method then please leave a comment.  I’d love to know.

 

One thought on “Report Azure AD Application Proxy Connector Group assignments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.