PowerShell header

How to get the user count for Azure AD Enterprise Application

This post was most recently updated on October 9th, 2018.

Have you ever tried to find out the number of users of an enterprise application in your Office 365 tenant? This could be needed for multiple different reasons: maybe your organization is paying for the app and you want to know who’s actually using it, maybe the usage is required by a company policy and it’s useful to know if organization’s members are actually using it, or maybe you just want to know about the user adoption of an app.

For apps with under 100 users it’s easy – just open Azure AD and check the user count. For more popular apps, it’s a lot more difficult, however. Azure AD just shows “100+”, which is weirdly useless. However, with some PowerShell magic, we can dig out the real user count!


When you have an “Enterprise Application” in your Azure AD, you can quite easily access its properties from the Azure Portal. However, if you want to find out the number of users using the app, that’s not as straightforward.

Even for less popular apps, you’ll have to be using the right Azure AD instance (there are usually multiple Azure AD instances/directories associated with your Office 365 subscription!) and have permissions to access the Azure portal. If you’re using the app to access data in SharePoint Online, see this page on how to access the right Azure AD instance.

For more popular apps (with more than a hundred users), Azure AD will just show “100+” as the user count. It appears you cannot get the actual user count by using the Azure Portal web UI. An interesting solution by Microsoft, that’s for sure!

Solution: Use PowerShell to get Azure AD user count for the application’s Service Principal

You can luckily achieve this pretty easily with PowerShell!

The following script gets the AAD Service Principal for the Enterprise Application, and counts its assignments to users. Since Enterprise Applications are actually registered at another directory (the one their publisher uses), your Azure AD instance just provisions service principals for them in your directory, adds required permissions to these principals, and then assigns users to these service principals.

We can get the actual user count by counting the number of these assignments. By default, this is equivalent to users, who’ve used the app at least once. In some cases it’s possible that someone has assigned users to it otherwise (programmatically or by using a script before).

These next few lines of some PowerShell magic should do the trick.

How to get the Azure Ad user count for an Enterprise Application:
$app_name = "[app display name]"
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
$assignments = Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true
$assignments.Count # this row outputs the number of users of the app

That’s it. Hope it helps!


The following two tabs change content below.

Antti K. Koskela

Solutions Architect / Escalations Engineer at Koskila / Norppandalotti Software / Valo Solutions
Antti Koskela is a proud digital native nomadic millenial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world. He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff. This is his personal professional (e.g. professional, but definitely personal) blog.

Let me know your thoughts!