How to get Microsoft Entra ID application owners using Microsoft Graph PowerShell

The Get-MgApplicationOwner cmdlet helps you retrieve the list of owners assigned to an application in Microsoft Entra ID (formerly Azure AD). Application owners are privileged users responsible for managing key aspects of an application's life cycle, including registration details, client secrets, certificates, API permissions, and delegated access. Identifying owners can benefit security audits, compliance checks, and troubleshooting application access issues.

This article shows you how to view application owners using both the Microsoft Entra admin center and Microsoft Graph PowerShell:

View application owners using Entra ID admin center

View application owners in Microsoft Entra ID portal by following the steps below:

1. Go to Microsoft Entra admin center.
2. Select Azure Active Directory from the left-hand menu.
3. Click on App registrations.
4. Choose the application whose owners you want to view.
5. Select the Owners tab to see all assigned owners.

Retrieve application owners using Microsoft Graph PowerShell

Prerequisites

Ensure Microsoft Graph PowerShell module is installed and you have sufficient permissions to read application information:

Using the Get-MgApplicationOwner cmdlet

Run the script below by replacing <application-id> with the actual ID of the application to fetch owners.

Examples

Example 1: Retrieve owners of a specific application

Example 2: Get owners and display their user principal names

Example 3: Limit output to three owners

Supported parameters

The following are some essential parameters that can be used along with the Get-MgApplicationOwner cmdlet:

Limitations of using native tools to get application owners

• PowerShell commands can get complex with different use cases and scenarios.
• IT admins can spend a lot of time troubleshooting errors, which in turn negatively impacts productivity.
• Delegation can get tricky since technicians require elevated permissions.