Application.ReadWrite.OwnedBy: List all applications owned by the calling application

Copper Contributor

Hi, I am trying to get only the applications that my app owns using Graph, and on the documentation it shows that I should be able to only list the applications where my app is owner. (This is to limit the content I have access to with my app)

Microsoft Graph permissions reference - Microsoft Graph | Microsoft Docs



  • Application.Read.All: List all applications (GET /beta/applications)
  • Application.ReadWrite.All: Delete a service principal (DELETE /beta/servicePrincipals/{id})
  • Application.ReadWrite.OwnedBy: Create an application (POST /beta/applications)
  • Application.ReadWrite.OwnedBy: List all applications owned by the calling application (GET /beta/servicePrincipals/{id}/ownedObjects)
  • Application.ReadWrite.OwnedBy: Add another owner to an owned application (POST /applications/{id}/owners/$ref).

    NOTE: This may require additional permissions.

However, if I create an app that has owner permissions on another app and I query against the Graph API "Applications" I am still able to list all applications in the tenant.

I thought having me added as owner, on an application and having only that permission on my app, would limit my result ? Am I missing something here? 





Adding the app as an owner in the following way: 

$objectIdOfApplicationToChange = Get-AzureADApplication -objectId "6929067b-b9ab-4bf6-bb17-81be5eb31ba1"
$objectIdOfApplicationThatNeedsToBeAdded = Get-AzureADApplication -ObjectId "21780578-3035-47c1-8096-a1641ab3123d"
Add-AzureAdApplicationOwner -ObjectId $objectIdOfApplicationToChange.ObjectId -RefObjectId (get-azureadserviceprincipal -all $true | where-object {$_.AppId -like $objectIdOfApplicationThatNeedsToBeAdded.AppId}).ObjectId


When I query the Graph through PowerShell, I was hoping to get a 403 when querying all applications...




Anyone tried to limit the result you get back using this permission ? It is not a wanted solution to give permissions to read all applications for this app, therefor we need to limit the access...

1 Reply

@Tore_Melberg Could you please ask this question on Microsoft Q&A as it is not to do with Search but broader Microsoft Graph? There are teams there that monitor those forums