How to Use -Filter Parameter with Get-MgApplication in Graph PowerShell
Microsoft Graph PowerShell offers robust capabilities to query and manage Azure AD applications using the Get-MgApplication cmdlet. One of the most powerful ways to refine your search is by using the -Filter parameter. This enables administrators to retrieve only the applications that meet specific conditions โ reducing clutter and boosting efficiency.
In this article, weโll walk through how to use the -Filter parameter with Get-MgApplication, provide real-world examples, and highlight important limitations and troubleshooting tips.
Cmdlet Syntax
Get-MgApplication -Filter "<OData query>" -AllAlways combine -Filter with -All to ensure complete result sets across paginated data.
Usage Examples
- Get Applications with a Specific Display Name
- Get Applications Starting with a Specific Prefix (Client-Side)
- Filter Applications That Are Marked as Available to Other Tenants
- Filter Apps Created After a Certain Date (Client-Side)
- Filter Applications by Publisher Name (Client-Side)
Get-MgApplication -Filter "displayName eq 'M365 Management App'" -All
Returns the application(s) whose display name exactly matches M365 Management App.
Get-MgApplication -All | Where-Object { $_.DisplayName -like "Contoso*" }
Since the startswith() function is not supported, you can perform partial matches client-side using Where-Object.
Get-MgApplication -Filter "isAvailableToOtherTenants eq true" -AllReturns all multi-tenant applications (used across tenants).
Get-MgApplication -All |Where-Object { $_.CreatedDateTime -gt (Get-Date).AddMonths(-6) }
Shows apps created in the last 6 months. Again, createdDateTime is not OData filterable โ hence the local filtering.
Get-MgApplication -All | Where-Object { $_.Publisher -eq "Microsoft Corporation" }The publisher field is not filterable via Graph OData $filter, so this is done on the client side.
Important Considerations
- ๐ The -Filter parameter only works with OData-compliant, filterable properties.
- ๐ You can always check Microsoftโs documentation to determine filterable fields: ๐ OData Query Parameters in Microsoft Graph
- ๐ง When in doubt, fetch with -All and apply Where-Object client-side.
Common Errors & Fixes
| Error | Cause | Fix |
| Request_UnsupportedQuery | You're using an unsupported property in the -Filter parameter. | Move the filter condition client-side. For example, instead of: Get-MgApplication -Filter "publisher eq 'Contoso Ltd.'" # โ will fail Do this: Get-MgApplication -All | Where-Object { $_.Publisher -eq "Contoso Ltd." } # โ |
| Error: No Results Returned | You're trying to perform a partial match using wildcards in -Filter, which isn't supported. | Use exact match with eq or apply wildcard logic using Where-Object. |
| Error: Access Denied | Missing permissions to read applications. | Reconnect using the required scopes: Connect-MgGraph -Scopes "Application.Read.All", "Directory.Read.All" |
Conclusion
Using the -Filter parameter with Get-MgApplication enables precise and efficient querying of apps in Azure AD. While not all properties are filterable server-side, combining -Filter with local PowerShell filtering (Where-Object) provides flexibility and power. Mastering these techniques allows administrators to build faster queries, streamline app audits, and script app management tasks effectively.
When in doubt, start with -All, filter locally, and then move to server-side filtering as needed. This hybrid approach will help you handle both small and large application directories seamlessly.