
Issue with Locating the Microsoft Azure CLI Application Despite It Being Visible in Entra Sign-in Logs


I cannot find the following application (Microsoft Azure CLI 04b07795-8ddb-461a-bbee-02f9e1bf7b46) in my Azure tenant by any method imaginable.

First, I used a locally installed Microsoft CLI to log in to my tenant.

[Screenshot: Azure CLI logon]

Then, I checked the sign-in logs and saw the following values:

[Screenshot: Entra ID sign-in logs]

The values match the Microsoft documentation: Verify first-party apps sign-in. https://learn.microsoft.com/en-us/troubleshoot/azure/entra/entra-id/governance/verify-first-party-apps-sign-in

I checked all Enterprise apps, but I could not find a match.

Connect-MgGraph -Scopes "Directory.Read.All", "Application.Read.All"

Get-MgServicePrincipal -All -Property * | Where-Object {$_.Displayname -like "*CLI*"}

DisplayName                                         Id                                   AppId
-----------                                         --                                   -----
SharePoint Online Web Client Extensibility Isolated 19fb6d6a-0953-4e59-826b-4ebac1c8133a 3bc2296e-aa22-4ed2-9e1e-946d0…
Azure Multi-Factor Auth Client                      2b027fbc-b813-47fc-b88b-c2fa164e45f8 981f26a1-7f43-403b-a875-f8b09…
OCaaS Client Interaction Service                    63c2caae-86f8-43e6-9e4e-b3647d63a13a c2ada927-a9e2-4564-aae2-70775…
OfficeClientService                                 9c877073-a359-4396-b424-d1cf0408b096 0f698dd4-f011-4d23-a33e-b3641…
SharePoint Online Web Client Extensibility          bbde190f-2f8f-4399-9a33-cb8a6f1891cf 08e18876-6177-487e-b8b5-cf950…

Also, the GUI does not return anything: [Screenshot: Enterprise application in the GUI filtered]

Even using the deprecated method via the AzureAD module does not return anything:

Install-Module -Name AzureAD
Import-Module AzureAD
Connect-AzureAD

 (Get-AzureADServicePrincipal -All $true) | Where-Object {$_.DisplayName -like "*CLI*"}

ObjectId                             AppId                                DisplayName                                        
--------                             -----                                -----------                                        
19fb6d6a-0953-4e59-826b-4ebac1c8133a 3bc2296e-aa22-4ed2-9e1e-946d05afa6a2 SharePoint Online Web Client Extensibility Isolated
2b027fbc-b813-47fc-b88b-c2fa164e45f8 981f26a1-7f43-403b-a875-f8b09b8cd720 Azure Multi-Factor Auth Client                     
63c2caae-86f8-43e6-9e4e-b3647d63a13a c2ada927-a9e2-4564-aae2-70775a2fa0af OCaaS Client Interaction Service                   
9c877073-a359-4396-b424-d1cf0408b096 0f698dd4-f011-4d23-a33e-b36416dcb1e6 OfficeClientService                                
bbde190f-2f8f-4399-9a33-cb8a6f1891cf 08e18876-6177-487e-b8b5-cf950c1e598c SharePoint Online Web Client Extensibility         

I also tried to filter by Id instead of by display name, but without success.

My question is: How can I find this application? Based on the sign-in logs, it should exist in my tenant.


Solution

  • Note that Microsoft Azure CLI is a first-party Microsoft application with the app ID 04b07795-8ddb-461a-bbee-02f9e1bf7b46.

    In some tenants, this service principal might not appear in the Enterprise applications tab.

    In such cases, you can use the CLI command below to manually create the service principal:

    az ad sp create --id 04b07795-8ddb-461a-bbee-02f9e1bf7b46
    


    To confirm that, I checked the same in the Portal, where the "Microsoft Azure CLI" application appeared successfully.
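
The lookup attempted in the question and the creation step from the answer, combined as an added Microsoft Graph PowerShell example (not code from the question or the answer). It queries by AppId with a server-side filter instead of matching display names, and creates the service principal only when the tenant has none. The function name `Resolve-FirstPartyServicePrincipal` is hypothetical, and the create step assumes a session consented for `Application.ReadWrite.All`.

```powershell
# Needs the Microsoft.Graph.Authentication and Microsoft.Graph.Applications modules.

function Resolve-FirstPartyServicePrincipal {
    # Hypothetical helper, not part of any Microsoft module.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # AppId (client ID) exactly as shown in the Entra sign-in log entry.
        [Parameter(Mandatory)]
        [guid]$AppId,

        # Create the service principal when the tenant has none for this AppId.
        [switch]$CreateIfMissing
    )

    $id = $AppId.ToString()

    # Server-side filter on appId: exact match, independent of the display name.
    $sp = Get-MgServicePrincipal -Filter "appId eq '$id'" -ErrorAction Stop |
        Select-Object -First 1
    $state = 'Present'

    if (-not $sp) {
        $state = 'Missing'
        if ($CreateIfMissing -and $PSCmdlet.ShouldProcess($id, 'Create service principal')) {
            # Graph PowerShell counterpart of: az ad sp create --id <AppId>
            $sp = New-MgServicePrincipal -AppId $id -ErrorAction Stop
            $state = 'Created'
        }
    }

    # One record per call, so the result can be logged or piped onward.
    [pscustomobject]@{
        AppId       = $id
        State       = $state      # Present | Missing | Created
        ObjectId    = $sp.Id      # $null while the service principal is missing
        DisplayName = $sp.DisplayName
    }
}

# Assumption: the signed-in account may consent to Application.ReadWrite.All.
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Dry run first (-WhatIf reports 'Missing' without creating anything), then create.
Resolve-FirstPartyServicePrincipal -AppId '04b07795-8ddb-461a-bbee-02f9e1bf7b46' -CreateIfMissing -WhatIf
Resolve-FirstPartyServicePrincipal -AppId '04b07795-8ddb-461a-bbee-02f9e1bf7b46' -CreateIfMissing
```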