Loading...
D365Hub logo D365Hub

How to use Azure CLI to Generate Documentation for Azure AD Applications?

How to use Azure CLI to Generate Documentation for Azure AD Applications?

Your organization likely has hundreds of Azure AD Applications. And with the constant addition, development and subset of new applications with various access points, it becomes imperative to use a script that streamlines the documentation process and helps creates technical documentation for every registered application. And that’s where the following script steps in.

What is Azure Active Directory?

Azure Active Directory is an Identity and Access Management (IAM) system. It provides a single place to store information about digital identities. You can configure your applications to use Azure AD as the place where user information is stored.

Advantages of generating documentation for Azure AD Applications

  • Improves the experience for developers using your Azure AD Applications
  • Decreases the amount of time spent on-boarding developers and application integration partners.
  • Leads to good maintenance and quicker updates.
  • API permissions, scopes, roles help developers and integration partners to understand the Azure AD Application and know what it can do
  • Decreases the amount of time spent on decoding unexpected errors when using it.

In this article, I have attached a PowerShell script that takes the details of the given Azure AD Applications as input and creates readable markdown documentation that you can share with developers and integration partners using the simple use of Azure’s CLI commands.

Prerequisites

  • Azure CLI
  • Azure AD Applications registered in Azure tenant
  • Azure Application Administrator / Developer role
  • Login to Azure using Azure CLI before executing following script

Note - This code has not been optimized and is for demo purpose. You might need to modify the code as per your requirements.

PowerShell Script

function GetTenantId() {
    $accountDetails = az account list | ConvertFrom-Json
    return $accountDetails.tenantId
}
function GetAadApplications() {
    return (az ad app list --all) | ConvertFrom-Json 
}
function GenerateDocumentation($aadApplications) {
    $progressCountApp = 1;

    ForEach ($appInfo in $aadApplications) {
        Write-Progress -Id 0 -Activity "Generating Documentation for the App: $($appInfo.displayName)" -Status "App $progressCountApp of $($aadApplications.length)" -PercentComplete (($progressCountApp / $aadApplications.length) * 100)
        $outputDocumentPath = -join ($outputFolderPath, "\" , $appInfo.displayName, ".md")
        
        $fragments = @()

        $fragments += "# $($docTitle)`n"
        $fragments += "$($docDescription)`n"

        $fragments += "## App Details"
        $fragments += "| Property  | Value  |"
        $fragments += "| ------ | ------ |"
        $fragments += "|Display Name|$($appInfo.displayName)|"
        $fragments += "|App Id|$($appInfo.appId)|"
        $fragments += "|Publisher Domain|$($appInfo.publisherDomain)|"

        $fragments += "`n## Resource Access"

        ForEach ($resource in $appInfo.requiredResourceAccess) {
            $currentResource = (az ad sp show --id $resource.resourceAppId) | ConvertFrom-Json

            $resourceName = $currentResource.displayName
            if (![string]::IsNullOrEmpty($resourceName)) {
                $fragments += "`n### $($resourceName)"
            }

            if ($resource.resourceAccess) {
                $fragments += "`n_App Roles_"
                $fragments += "| Role  |"
                $fragments += "| ------ |"
    
                $appRoles = (az ad sp show --id $resource.resourceAppId --query "appRoles[].{Value:value, Id:id}") | ConvertFrom-Json
                ForEach ($access in $resource.resourceAccess) {
                    $appRole = ($appRoles | Where-Object { $_.Id -eq $access.id })
                    $appRoleName = $appRole.Value
                    if (![string]::IsNullOrEmpty($appRoleName)) {
                        if (![string]::IsNullOrEmpty($appRoleName)) {
                            $fragments += "|$($appRoleName)|"
                        }
                    }
                }
            }

            if ($resource.oauth2Permissions) {
                $fragments += "`n_OAuth2 Permissions_"
                $fragments += "| Permission  |"
                $fragments += "| ------ |"
                $oauth2Permissions = (az ad sp show --id $resource.resourceAppId --query "oauth2Permissions[].{Value:value, Id:id}") | ConvertFrom-Json    
                ForEach ($oauth2Permission in $resource.oauth2Permissions) {
                    $appOauth2Permission = ($oauth2Permissions | Where-Object { $_.Id -eq $oauth2Permission.id })
                    $appOauth2PermissionName = $appOauth2Permission.Value
                    if (![string]::IsNullOrEmpty($appOauth2PermissionName)) {
                        $fragments += "|$($appOauth2PermissionName)|"
                    }
                }
            }
        }

        $fragments += "`n_report run $(Get-Date)_"  
        $fragments | out-file -FilePath $outputDocumentPath

        $progressCountApp++
    }

    Write-Progress -Id 0 -Activity " " -Status " " -Completed
}

$docTitle = "Azure AD Application Details"
$docDescription = "This is a script generated documentation. For more details contact teamname_GDL@yourcompany.com"
$outputFolderPath = $PSScriptRoot
$aadApplications = GetAadApplications 
GenerateDocumentation $aadApplications

Output

document-aad-applications.png

I would like to thank Jayakumar Balasubramaniam for the support he provided to review and finalize this script.

Published on:

Learn more
Home | Joseph Velliah
Home | Joseph Velliah

Fulfilling God’s purpose for my life

Share post:

Related posts

Azure Data Factory and Databricks Lakeflow: An Architectural Evolution in Modern Data Platforms

As data platforms evolve, the role of orchestration is being quietly reexamined. This article explores how Azure Data Factory and Databricks L...

3 hours ago

Azure Confidential Computing with KT Corporation and AMD

11 hours ago

Part 2: Building a Python CRUD API with Azure Functions and Azure Cosmos DB

Series: Building Serverless Applications with Azure Functions and Azure Cosmos DB In the first post of this series, we focused on establishing...

16 hours ago

Azure Cosmos DB Data Explorer now supports Dark Mode

If you spend time in the Azure Portal’s using Azure Cosmos DB Data Explorer, you know it’s a “lots of screens, lots of tabs, lots of work happ...

1 day ago

Microsoft Entra ID Governance: Azure subscription required to continue using guest governance features

Starting January 30, 2026, Microsoft Entra ID Governance requires tenants to link an Azure subscription to use guest governance features. With...

3 days ago

Azure Developer CLI (azd) – January 2026: Configuration & Performance

This post announces the January 2026 release of the Azure Developer CLI (`azd`). The post Azure Developer CLI (azd) – January 2026: Conf...

4 days ago

Azure SDK Release (January 2026)

Azure SDK releases every month. In this post, you'll find this month's highlights and release notes. The post Azure SDK Release (January 2026)...

5 days ago

Azure Cosmos DB TV Recap – From Burger to Bots – Agentic Apps with Cosmos DB and LangChain.js | Ep. 111

In Episode 111 of Azure Cosmos DB TV, host Mark Brown is joined by Yohan Lasorsa to explore how developers can build agent-powered application...

5 days ago

Accelerate Your Cosmos DB Infrastructure with GitHub Copilot CLI and Azure Cosmos DB Agent Kit

Modern infrastructure work is increasingly agent driven, but only if your AI actually understands the platform you’re deploying. This guide sh...

6 days ago

Accelerate Your Cosmos DB Infrastructure with GitHub Copilot CLI and Azure Cosmos DB Agent Kit

Modern infrastructure work is increasingly agent driven, but only if your AI actually understands the platform you’re deploying. This guide sh...

6 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy