This post was most recently updated on December 12th, 2022.3 min read.
Have you ever tried to find out the number of users of an enterprise application in your Office 365 tenant? This could be needed for multiple different reasons: maybe your organization is paying for the app and you want to know who’s actually using it, maybe the usage is required by a company policy and it’s useful to know if the organization’s members are actually using it, or maybe you just want to know about the user adoption of an app.
For apps with under 100 users it’s easy – just open Azure AD and check the user count. For more popular apps, it’s a lot more difficult, however. Azure AD just shows “100+“, which is weirdly useless. Doesn’t warm you much, if you’re wondering if you have 200 or 200 000 users for an app in your organization, right?
However, we can dig out the actual user count with some PowerShell magic!
If you’re not interested in the background stuff, just jump to the solution by clicking this.
When you have an “Enterprise Application” in your Azure AD, you can easily access its properties from the Azure Portal. However, if you want to find out the number of users using the app, that’s not as straightforward.
Even for less popular apps, you’ll have to be using the right Azure AD instance (there are usually multiple Azure AD instances/directories associated with your Office 365 subscription!) and have permission to access the Azure portal. If you’re using the app to access data in SharePoint Online, see this page on how to access the right Azure AD instance.
For more popular apps (with more than a hundred users), Azure AD will just show “100+” as the user count. It appears you cannot get the actual user count by using the Azure Portal web UI. An interesting solution by Microsoft, that’s for sure!
Solution: Use PowerShell to get the Azure AD user count for the application’s Service Principal
You can luckily achieve this pretty easily with PowerShell! I have a couple of different scripted approaches to show you.
The following scripts get the AAD Service Principal for the Enterprise Application and counts its assignments to different users.
Wait, what – where did the service principal come from?
Since Enterprise Applications are actually registered in another directory (the one their publisher uses), your Azure AD instance just provisions service principals for them in your directory adds required permissions to these principals and then assigns users to these service principals.
We can get the actual user count by counting the number of these assignments. By default, this is equivalent to users, who’ve used the app at least once. In some cases, it’s possible that someone has assigned users to it otherwise (programmatically or by using a script before).
These next few lines of some PowerShell magic should do the trick.
Or, like Nathan in the comments points out, you can do this with a one-liner like this:
Get-AzureADServicePrincipal -searchstring "[app display name]" | Get-AzureADServiceAppRoleAssignment | measure # So, for example you can run this: Get-AzureADServicePrincipal -searchstring "Office 365 SharePoint Online" | Get-AzureADServiceAppRoleAssignment | measure
The example command above on my test tenant outputs this:
That’s it. Quick and easy. Hope it helps!
- How to selectively remove items from an Azure blob storage container? - October 31, 2023
- How to update application settings for (all of your) App Services and Azure Functions on Azure using az cli? - October 24, 2023
- swa emulator throwing “✖ Could not connect to “http://localhost:7071″. Is the server up and running?”? - October 17, 2023