Get-MgApplicationOwner

What is Get-MgApplicationOwner?

Get-MgApplicationOwner is a Microsoft Graph PowerShell cmdlet that retrieves the owner(s) of a specific application registration in Microsoft Entra ID (Azure AD). Application owners are users or service principals responsible for managing the app—such as maintaining secrets, certificates, permissions, or general configuration.

This cmdlet helps admins quickly identify who owns an app, which is essential for governance, audits, and app lifecycle management.

Why Use Get-MgApplicationOwner?

You can use Get-MgApplicationOwner to automate ownership discovery and reporting, especially when your tenant contains many app registrations. Key benefits include:

  • Security and compliance audits: Confirm every app has valid owners.
  • App lifecycle governance: Identify responsible owners before updating or deleting apps.
  • Access reviews: Validate ownership when apps request elevated permissions.
  • Automation at scale: Generate ownership reports instead of manually checking apps in Entra admin center.
  • Troubleshooting: Find the right contacts when apps are misconfigured or failing.

Prerequisites

Before using this cmdlet, ensure you have Graph PowerShell installed and connected with suitable permissions:

Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "Application.Read.All"
                                        

If you're doing ownership modifications later, use Application.ReadWrite.All.

Important note: Get-MgApplicationOwner does not support the -Filter parameter. Using it triggers a Request_UnsupportedQuery error.


How to use Get-MgApplicationOwner?

This cmdlet requires the ApplicationId (Object ID) of the app registration.

Basic syntax:

Get-MgApplicationOwner -ApplicationId <String>

You can pipe results into Get-MgUser to return human-friendly owner details like UPN or DisplayName.


Get-MgApplicationOwner Examples

  • Example 1: Retrieve Owner of a Specific Application
  • This example retrieves the owner of the application identified by the specified ApplicationId. To display the owner's DisplayName and UserId, pass the returned owner Id to the Get-MgUser cmdlet.

    Get-MgApplicationOwner -ApplicationId "2a1b3c4d-5678-90ab-cdef-1234567890ab"
  • Example 2: Retrieve Owners of a Specific Application
  • This example retrieves all owners of the application with the specified ApplicationId, loops through the owner list, and outputs the Id, DisplayName, and UserPrincipalName of each owner using the Get-MgUser cmdlet.

    
        # Replace the placeholder with the Object ID of the app registration
        $owners = Get-MgApplicationOwner -ApplicationId "<ApplicationId>"
        foreach($owner in $owners){
            Get-MgUser -UserId $owner.Id | Select-Object Id, DisplayName, UserPrincipalName
        }
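
The audit use case above (confirming every app has valid owners) can be scripted across the whole tenant. The following is an added example, not code from the original page: the function name Get-AppOwnershipReport is hypothetical, and it assumes an existing Connect-MgGraph session with the Application.Read.All scope. Because -Filter is not supported, it filters client-side with Where-Object.

```powershell
# Added example (not from the original page). Get-AppOwnershipReport is a
# hypothetical helper; it assumes Connect-MgGraph -Scopes "Application.Read.All".
function Get-AppOwnershipReport {
    # -All pages through every app registration in the tenant.
    foreach ($app in Get-MgApplication -All -Property Id, DisplayName) {
        $owners = @(Get-MgApplicationOwner -ApplicationId $app.Id -All)

        if ($owners.Count -eq 0) {
            # No owner: nobody is accountable for this app's secrets or permissions.
            [pscustomobject]@{
                AppDisplayName = $app.DisplayName
                AppObjectId    = $app.Id
                OwnerType      = 'NONE'
                OwnerName      = $null
                OwnerId        = $null
            }
            continue
        }

        foreach ($owner in $owners) {
            # Owners are returned as generic directory objects; the concrete
            # type and its fields are carried in AdditionalProperties.
            $props = $owner.AdditionalProperties
            $type  = $props['@odata.type'] -replace '^#microsoft\.graph\.', ''
            [pscustomobject]@{
                AppDisplayName = $app.DisplayName
                AppObjectId    = $app.Id
                OwnerType      = $type   # user or servicePrincipal
                OwnerName      = if ($type -eq 'user') { $props['userPrincipalName'] }
                                 else { $props['displayName'] }
                OwnerId        = $owner.Id
            }
        }
    }
}

$report = Get-AppOwnershipReport

# -Filter is unsupported on owners, so narrow the results client-side.
$report | Where-Object OwnerType -eq 'NONE' |
    Format-Table AppDisplayName, AppObjectId
$report | Where-Object OwnerType -eq 'servicePrincipal' |
    Format-Table AppDisplayName, OwnerName, OwnerId
```

Reading the owner type from AdditionalProperties avoids calling Get-MgUser on an owner that is a service principal, where the user lookup would fail.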

Summary

Key Point: Details
Cmdlet Name: Get-MgApplicationOwner
Purpose: Retrieves owner(s) of an Entra ID application
Required Scope: Application.Read.All (or Application.ReadWrite.All)
Primary Parameters: ApplicationId
Automation Benefit: Enables ownership auditing and reporting at scale
Use Case: Security reviews, governance checks, ownership validation
