I'm trying to retrieve the configuration of the apps integrated with Azure AD.
I used Microsoft Graph API trying to get that piece of information, and also the Azure AD Powershell cmdlet, but all I can deduce is if the application uses the Implicit Flow, and if ROPC or Device Code Flow have been enabled.
The application type can also be retrieved, so we can deduce the grant type used. But I noticed that any application may use the Client Credentials flow, how can we identify the application that are actually using it (and that should be categorized as Services) ?
I tried to identify them by checking if the application has an Identifier Uri and OAuth2 Permissions, but this does not seem to get all the applications that are services. Furthermore, with this method, I have to sort between those truely using Client Credentials flow and those using On-Behalf Flow.
Then I tried with the sign-in logs, but there is no information about the URL called, nor the grant type used.
Are there any way to retrieve that information? Am I missing something?