Microsoft Entra · Schema
Microsoft Entra Application
Schema for a Microsoft Entra ID application registration as represented in the Microsoft Graph API. Defines the application's identity configuration, credentials, permissions, redirect URIs, and sign-in settings.
Access ManagementAuthenticationAzure ADEntraIdentityIdentity GovernanceMicrosoftNetwork SecuritySecurityZero Trust
Properties
| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for the application object (GUID). This is the directory object ID, not the appId/client ID. |
| appId | string | The unique application (client) identifier assigned by Microsoft Entra ID during app registration. |
| displayName | string | The display name for the application. |
| description | stringnull | Free text field to provide a description of the application object to end users. |
| signInAudience | string | Specifies which Microsoft accounts are supported for the current application. |
| identifierUris | array | User-defined URIs that uniquely identify a Web application within its Microsoft Entra tenant or verified custom domain (e.g., api://contoso.com/myapp). |
| web | object | |
| spa | object | |
| publicClient | object | |
| api | object | |
| requiredResourceAccess | array | Specifies the resources that the application needs access to and the set of OAuth permission scopes and app roles required under each resource. |
| appRoles | array | Collection of roles defined for the application. These roles can be assigned to users, groups, or service principals. |
| keyCredentials | array | Collection of key (certificate) credentials associated with the application for token signing and verification. |
| passwordCredentials | array | Collection of password credentials (client secrets) associated with the application. |
| optionalClaims | object | |
| info | object | |
| tags | array | Custom strings that can be used to categorize and identify the application. |
| groupMembershipClaims | stringnull | Configures the groups claim issued in user or OAuth 2.0 access tokens. |
| isFallbackPublicClient | booleannull | Specifies the fallback application type as public client (e.g., installed application on a mobile device). Default is false. |
| defaultRedirectUri | stringnull | The default redirect URI. If specified, it is used when no specific redirect URI is matched. |
| certification | objectnull | Publisher certification status of the application. |
| publisherDomain | string | The verified publisher domain for the application. |
| createdDateTime | string | The date and time the application was registered. |
| deletedDateTime | stringnull | The date and time the application was deleted. |