Get-MgServicePrincipal Cmdlet in Microsoft Graph PowerShell

The Get-MgServicePrincipal cmdlet in Microsoft Graph PowerShell allows administrators to retrieve and manage service principals within their Microsoft 365 tenant. Service principals represent applications and services registered in Entra ID (Azure AD), and this cmdlet provides flexible options to filter, search, and display these entities effectively.


Cmdlet Syntax

Get-MgServicePrincipal [-All] [-ConsistencyLevel <String>] [-CountVariable <String>] [-Filter <String>] [-Search <String>]

Usage Examples

  1. Retrieve All Service Principals

     Get-MgServicePrincipal -All

     This command retrieves all service principals available in the tenant; -All makes the cmdlet page through the full result set instead of stopping at the first page.

  2. Retrieve a Specific Service Principal by Display Name

     Get-MgServicePrincipal -Filter "DisplayName eq 'Power BI Service'" | Format-List Id, DisplayName, AppId, SignInAudience

     This retrieves the service principal for Power BI Service and displays selected properties.

  3. Retrieve Top 5 Service Principals Starting with 'a'

     Get-MgServicePrincipal -ConsistencyLevel eventual -Count spCount -Filter "startsWith(DisplayName, 'a')" -Top 5

     This command fetches the top 5 service principals whose display names start with 'a'.

  4. Search for Service Principals Containing 'Team' in Display Name

     Get-MgServicePrincipal -ConsistencyLevel eventual -Count spCount -Search '"DisplayName:Team"'

     This searches for service principals with 'Team' in their display names.


Cmdlet Tips

  • Always use -ConsistencyLevel eventual when using -Filter or -Search with -Count.
  • Use -All to retrieve all service principals without paging.
  • Pipe results to Format-Table or Format-List for better readability.

Use Cases

  • Auditing: Retrieve all service principals to review what applications have access to your Microsoft 365 environment, ensuring proper permissions are maintained.
  • Filtering: Search for specific service principals based on names or other attributes, helping administrators quickly find and manage application identities.
  • Counting: Count service principals for reporting or management, useful for understanding the scope of applications registered.
  • Properties Retrieval: Display detailed information such as IDs, AppIds, and sign-in details to ensure each application is correctly configured and secured.

Possible Errors & Solutions

| Error Message | Cause | Solution |
|---|---|---|
| Request_UnsupportedQuery | Unsupported query syntax in -Filter or -Search. | Use correct property names and supported query operators. |
| InvalidAuthenticationToken | Expired or invalid authentication token. | Re-authenticate using Connect-MgGraph. |
| ResourceNotFound | The service principal does not exist. | Verify the display name or AppId. |

FAQs

  • What is a service principal?
    A service principal is an identity created in Entra ID (Azure AD) to represent an application or service. It allows applications to access resources securely without user credentials.
  • How can Get-MgServicePrincipal be useful?
    This cmdlet helps administrators list, filter, and manage application identities, ensuring they have correct access, monitoring them for security, and troubleshooting permission issues.
  • Can I use wildcards with -Filter in Get-MgServicePrincipal?
    No, use functions like startswith or endswith instead.
  • Is -All mandatory for large datasets in Get-MgServicePrincipal?
    Yes, if you need to retrieve all entries without default paging.
  • What permissions are required for Get-MgServicePrincipal?
    Directory.Read.All or similar delegated/app permissions.

🔍 Identify Built-In Microsoft Apps via PublisherName

Many Microsoft 365 workloads (like Teams, Exchange Online, etc.) register as service principals with the publisher name set to "Microsoft Services".

Use this property to isolate trusted, built-in Microsoft apps from third-party or custom enterprise apps.

🔐 Use AppId to Match Against Enterprise Applications

When investigating app usage or sign-in activity, cross-reference the AppId from sign-in logs with the AppId of service principals.

This helps identify which enterprise application was used—even if the display name is ambiguous or duplicated.
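
The AppId cross-reference described above, as an added example that is not part of the original page: it joins sign-in records to service principals on AppId and flags sign-ins whose AppId has no service principal in the tenant or whose display name is shared by several service principals. Resolve-SignInApp and the sample records are constructed for illustration; the sign-in objects are assumed to carry the AppId, AppDisplayName, UserPrincipalName and CreatedDateTime properties that Get-MgAuditLogSignIn returns.

```powershell
# Added example. Resolve-SignInApp is a hypothetical helper, not a Graph cmdlet.
function Resolve-SignInApp {
    param(
        [Parameter(Mandatory)] [object[]] $ServicePrincipal,
        [Parameter(Mandatory)] [object[]] $SignIn
    )
    # Index service principals by AppId so each sign-in is a single lookup.
    $byAppId = @{}
    foreach ($sp in $ServicePrincipal) { $byAppId[[string]$sp.AppId] = $sp }

    # Display names carried by more than one service principal.
    $dupNames = @($ServicePrincipal | Group-Object DisplayName |
        Where-Object Count -gt 1 | ForEach-Object Name)

    foreach ($s in $SignIn) {
        $sp = $byAppId[[string]$s.AppId]
        $status = 'Matched'
        if (-not $sp) { $status = 'NoServicePrincipal' }
        elseif ($dupNames -contains $sp.DisplayName) { $status = 'MatchedDuplicateName' }
        [pscustomobject]@{
            CreatedDateTime    = $s.CreatedDateTime
            UserPrincipalName  = $s.UserPrincipalName
            AppId              = $s.AppId
            LoggedAppName      = $s.AppDisplayName
            ServicePrincipalId = if ($sp) { $sp.Id } else { $null }
            Status             = $status
        }
    }
}

# Constructed sample data with placeholder GUIDs. Against a tenant, use instead:
#   $sps     = Get-MgServicePrincipal -All -Property Id,AppId,DisplayName
#   $signIns = Get-MgAuditLogSignIn -Top 100
$sps = @(
    [pscustomobject]@{ Id = 'aaaaaaaa-0000-0000-0000-000000000001'; AppId = '11111111-1111-1111-1111-111111111111'; DisplayName = 'Reporting App' }
    [pscustomobject]@{ Id = 'aaaaaaaa-0000-0000-0000-000000000002'; AppId = '22222222-2222-2222-2222-222222222222'; DisplayName = 'Reporting App' }
    [pscustomobject]@{ Id = 'aaaaaaaa-0000-0000-0000-000000000003'; AppId = '33333333-3333-3333-3333-333333333333'; DisplayName = 'Teams Helper' }
)
$signIns = @(
    [pscustomobject]@{ CreatedDateTime = '2024-01-10T08:15:00Z'; UserPrincipalName = 'alex@example.com'; AppId = '22222222-2222-2222-2222-222222222222'; AppDisplayName = 'Reporting App' }
    [pscustomobject]@{ CreatedDateTime = '2024-01-10T08:20:00Z'; UserPrincipalName = 'sam@example.com';  AppId = '33333333-3333-3333-3333-333333333333'; AppDisplayName = 'Teams Helper' }
    [pscustomobject]@{ CreatedDateTime = '2024-01-10T08:25:00Z'; UserPrincipalName = 'sam@example.com';  AppId = '99999999-9999-9999-9999-999999999999'; AppDisplayName = 'Unknown Tool' }
)
Resolve-SignInApp -ServicePrincipal $sps -SignIn $signIns |
    Format-Table Status, AppId, LoggedAppName, ServicePrincipalId
```

Rows with status NoServicePrincipal or MatchedDuplicateName are the ones to review by AppId rather than by name.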

Conclusion

The Get-MgServicePrincipal cmdlet is essential for managing service principals in Microsoft 365. By mastering its usage, you can efficiently audit, filter, and retrieve service principal details for your tenant. Always ensure proper permissions and use -ConsistencyLevel eventual for advanced filtering and searching.

