Microsoft Entra · Schema

Microsoft Entra Application

Schema for a Microsoft Entra ID application registration as represented in the Microsoft Graph API. Defines the application's identity configuration, credentials, permissions, redirect URIs, and sign-in settings.

Access ManagementAuthenticationAzure ADEntraIdentityIdentity GovernanceMicrosoftNetwork SecuritySecurityZero Trust

Properties

Name Type Description
id string Unique identifier for the application object (GUID). This is the directory object ID, not the appId/client ID.
appId string The unique application (client) identifier assigned by Microsoft Entra ID during app registration.
displayName string The display name for the application.
description stringnull Free text field to provide a description of the application object to end users.
signInAudience string Specifies which Microsoft accounts are supported for the current application.
identifierUris array User-defined URIs that uniquely identify a Web application within its Microsoft Entra tenant or verified custom domain (e.g., api://contoso.com/myapp).
web object
spa object
publicClient object
api object
requiredResourceAccess array Specifies the resources that the application needs access to and the set of OAuth permission scopes and app roles required under each resource.
appRoles array Collection of roles defined for the application. These roles can be assigned to users, groups, or service principals.
keyCredentials array Collection of key (certificate) credentials associated with the application for token signing and verification.
passwordCredentials array Collection of password credentials (client secrets) associated with the application.
optionalClaims object
info object
tags array Custom strings that can be used to categorize and identify the application.
groupMembershipClaims stringnull Configures the groups claim issued in user or OAuth 2.0 access tokens.
isFallbackPublicClient booleannull Specifies the fallback application type as public client (e.g., installed application on a mobile device). Default is false.
defaultRedirectUri stringnull The default redirect URI. If specified, it is used when no specific redirect URI is matched.
certification objectnull Publisher certification status of the application.
publisherDomain string The verified publisher domain for the application.
createdDateTime string The date and time the application was registered.
deletedDateTime stringnull The date and time the application was deleted.
View JSON Schema on GitHub