Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Note
Was this article helpful? Your input is important to us. Please use the Feedback button on this page to let us know how well this article worked for you or how we can improve it.
When you review your sign-in reports, you might see an application in your sign-in report that you don't own and want to identify. You also might wonder how you signed in to that app, if you don't remember accessing the app.
Here's an example sign-in report:
For example, when you access learn.microsoft.com, the application that's shown in the sign-in log may show dev-rel-auth-prod, but this isn't descriptive of learn.microsoft.com.
Although the apps that are listed in sign-in reports are owned by Microsoft and aren't suspicious applications, you can determine whether Microsoft owns a Microsoft Entra service principal that's found in your Microsoft Entra logs.
Note
First-party Microsoft applications don't always result in a service principal that's created in your tenant. In this case, you'll likely continue to see the applications in your sign-in reports.
Verify a first-party Microsoft service principal in your Microsoft Entra tenant
Open the list of enterprise applications in Microsoft Entra ID.
In the navigation pane, select All applications.
In the Application Type drop-down list, select Microsoft Applications, and then select Apply. All applications that are listed here are owned by Microsoft.
In the search box below the drop-down lists, filter the Microsoft application list by adding a specific Display Name or Application ID.
Select the desired app, and then select Properties in the navigation pane to view the listed app's properties. Verify that you see the following error message:
You can't delete this application because it's a Microsoft first party application.
Verify a first-party Microsoft service principal through PowerShell
Using Microsoft Graph PowerShell SDK
Open PowerShell, import Microsoft Graph PowerShell SDK and then connect to Microsoft Entra ID:
Import-Module Microsoft.Graph.Applications Connect-MgGraphIn the PowerShell command-line, enter the display name of the application and run the following cmdlet:
$appDisplayName = '<display name>' Get-MgServicePrincipal -Filter "DisplayName eq '$appDisplayName'" | Select-Object Id, DisplayName, SignInAudience, AppOwnerOrganizationIdReview the
AppOwnerTenantIdvalue in the output.
In the screenshot,
f8cdef31-a31e-4b4a-93e4-5f571e91255ais the Microsoft Service's Microsoft Entra tenant ID.
Using Microsoft Entra PowerShell
Open PowerShell, import Microsoft Graph PowerShell SDK and connect to Microsoft Entra ID:
Import-Module Microsoft.Entra Connect-EntraIn the PowerShell command-line, enter the display name of the application and run the following cmdlet:
$appDisplayName = '<display name>' Get-EntraServicePrincipal -SearchString $appDisplayName | Select-Object Id, DisplayName, SignInAudience, AppOwnerOrganizationIdReview the result's
AppOwnerTenantId.
In the screenshot,
f8cdef31-a31e-4b4a-93e4-5f571e91255ais the Microsoft Service's Microsoft Entra tenant ID.
Application IDs of Microsoft tenant-owned applications
The following table lists some, but not all, Microsoft tenant-owned applications (tenant ID: 72f988bf-86f1-41af-91ab-2d7cd011db47).
| Application Name | Application IDs |
|---|---|
| Graph Explorer | de8bc8b5-d9f9-48b1-a8ad-b748da725064 |
| Microsoft Graph Command Line Tools | 14d82eec-204b-4c2f-b7e8-296a70dab67e |
| OutlookUserSettingsConsumer | 7ae974c5-1af7-4923-af3a-fb1fd14dcb7e |
| Vortex [wsfed enabled] | 5572c4c0-d078-44ce-b81c-6cbf8d3ed39e |
More information
For more information, see Sign-in activity reports in the Microsoft Entra admin center.
Contact us for help
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.