steampipe plugin install azuread

Table: azuread_application - Query Azure Active Directory Applications using SQL

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It lets your employees sign in to and access external resources such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications. Azure AD application objects (app registrations) are the entities used to define and secure an application's identity, credentials, and sign-in configuration within your Azure AD tenant.

Table Usage Guide

The azuread_application table provides insights into applications registered within Azure Active Directory. As a security administrator, explore application-specific details through this table, including the application's object ID and app ID, display name, and sign-in audience (whether it accepts accounts from other tenants). Use it to find multi-tenant applications, inventory the key and password credentials attached to each application, and identify the owners who are allowed to modify it. Note that the credential columns expose metadata only (key IDs, names, start and end dates); Azure AD never returns secret values after creation.

Examples

Basic info

Explore which applications are registered in your Azure Active Directory by identifying their display names and associated IDs. This can help you manage and monitor your applications effectively.

select
  display_name,
  id,
  app_id
from
  azuread_application;

List owners of an application

This query identifies the owners of a specific application in the tenant, which is useful for understanding who has control over and responsibility for that application. It is particularly valuable when auditing access rights or investigating potential security issues, since an owner can add credentials to the application and thereby act as it. The owner_ids column holds directory object IDs; owners can be users or service principals, so an owner that is not found in azuread_user (the left join returns a null display name) is most likely a service principal.

PostgreSQL:

select
  app.display_name as application_name,
  app.id as application_id,
  o as owner_id,
  u.display_name as owner_display_name
from
  azuread_application as app,
  jsonb_array_elements_text(owner_ids) as o
  left join azuread_user as u on u.id = o
where
  app.id = 'a6656898-3879-4d35-8a58-b34237095a70';

SQLite:

select
  app.display_name as application_name,
  app.id as application_id,
  o.value as owner_id,
  u.display_name as owner_display_name
from
  azuread_application as app,
  json_each(app.owner_ids) as o
  left join azuread_user as u on u.id = o.value
where
  app.id = 'a6656898-3879-4d35-8a58-b34237095a70';
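The Table Usage Guide above mentions multi-tenant applications, credentials, and ownership as the things a security reviewer looks for. The following is an added example (not part of the Steampipe documentation or the plugin's own examples) that turns those three checks into PostgreSQL queries against azuread_application. It assumes the objects inside password_credentials and key_credentials keep the Microsoft Graph property names (keyId, displayName, endDateTime) and that the sign_in_audience column carries the Graph enumeration values (AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount). The tenant data is whatever your connection returns; no sample rows are embedded.

```sql
-- Added example, not from the Steampipe docs. PostgreSQL syntax (the Steampipe
-- database). Assumption: credential objects use the Microsoft Graph property
-- names keyId, displayName and endDateTime; adjust if your plugin version
-- serialises them differently.

-- 1. Applications that accept sign-ins from outside this tenant.
--    Anything other than AzureADMyOrg can be consented to by users or tenants
--    you do not control, so each one deserves a documented justification.
select
  display_name,
  app_id,
  sign_in_audience,
  publisher_domain
from
  azuread_application
where
  sign_in_audience <> 'AzureADMyOrg'
order by
  display_name;

-- 2. Applications with no owner. Nobody below the directory admin roles is
--    accountable for the object, so secret rotation and cleanup are missed.
--    owner_ids may be null or an empty array depending on how the row was
--    returned, so both cases are handled.
select
  display_name,
  app_id,
  created_date_time
from
  azuread_application
where
  owner_ids is null
  or jsonb_array_length(owner_ids) = 0
order by
  created_date_time;

-- 3. Client secrets and certificates that are already expired or expire within
--    30 days. Both credential arrays are unnested with a lateral subquery so
--    the result has one row per secret or certificate, tagged with its kind.
--    Only metadata is available here: Azure AD never returns secret values.
select
  app.display_name,
  app.app_id,
  cred.kind,
  cred.value ->> 'keyId' as key_id,
  cred.value ->> 'displayName' as credential_name,
  (cred.value ->> 'endDateTime')::timestamptz as end_date,
  case
    when (cred.value ->> 'endDateTime')::timestamptz < now() then 'expired'
    else 'expiring'
  end as state
from
  azuread_application as app
  cross join lateral (
    select 'password' as kind, value
    from jsonb_array_elements(coalesce(app.password_credentials, '[]'::jsonb))
    union all
    select 'key' as kind, value
    from jsonb_array_elements(coalesce(app.key_credentials, '[]'::jsonb))
  ) as cred
where
  (cred.value ->> 'endDateTime')::timestamptz < now() + interval '30 days'
order by
  end_date;
```

Run each statement separately from the Steampipe query shell or pipe the file through `steampipe query`. Expired credentials in query 3 are not harmless just because they no longer work: they indicate an application nobody is maintaining, which is exactly the kind of object where a forgotten owner (query 2) can still mint a fresh secret.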

Schema for azuread_application

Name | Type | Operators | Description
_ctx | jsonb | | Steampipe context in JSON form.
api | jsonb | | Specifies settings for an application that implements a web API.
app_id | text | = | The unique identifier for the application that is assigned to an application by Azure AD.
created_date_time | timestamp with time zone | | The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time.
description | text | | Free text field to provide a description of the application object to end users.
display_name | text | = | The display name for the application.
id | text | = | The unique identifier for the application.
identifier_uris | jsonb | | The URIs that identify the application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
info | jsonb | | Basic profile information of the application such as the app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience.
is_authorization_service_enabled | boolean | | Whether the authorization service is enabled.
key_credentials | jsonb | | The collection of key credentials associated with the application.
oauth2_require_post_response | boolean | | Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. The default is false, which specifies that only GET requests are allowed.
owner_ids | jsonb | | IDs of the owners of the application. The owners are a set of non-admin users who are allowed to modify this object.
parental_control_settings | jsonb | | Specifies parental control settings for an application.
password_credentials | jsonb | | The collection of password credentials associated with the application.
publisher_domain | text | = | The verified publisher domain for the application.
sign_in_audience | text | | Specifies the Microsoft accounts that are supported for the current application.
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
spa | jsonb | | Specifies settings for a single-page application, including sign out URLs and redirect URIs for authorization codes and access tokens.
tags | jsonb | | A map of tags for the resource.
tags_src | jsonb | | Custom strings that can be used to categorize and identify the application.
tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Tenant ID where the resource is located.
title | text | | Title of the resource.
web | jsonb | | Specifies settings for a web application.

Export

This table is also available through a standalone exporter CLI. Steampipe exporters are stand-alone binaries that let you extract data using Steampipe plugins without running the Steampipe database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azuread

You can pass the configuration to the command with the --config argument:

steampipe_export_azuread --config '<your_config>' azuread_application