Get all Application Proxy apps with a token lifetime policy

This PowerShell script example lists all the Azure Active Directory (Azure AD) Application Proxy applications in your directory that have a token lifetime policy and lists details about the policy.

If you don't have an Azure subscription, create a free account before you begin.


This article has been updated to use the Azure Az PowerShell module. The Az PowerShell module is the recommended PowerShell module for interacting with Azure. To get started with the Az PowerShell module, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.

Use Azure Cloud Shell

Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article without having to install anything on your local environment.

To start Azure Cloud Shell:

| Option | Example/Link |
| --- | --- |
| Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell. | Example of Try It for Azure Cloud Shell |
| Go to, or select the Launch Cloud Shell button to open Cloud Shell in your browser. | Launch Cloud Shell in a new window |
| Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. | Cloud Shell button in the Azure portal |

To run the code in this article in Azure Cloud Shell:

  1. Start Cloud Shell.

  2. Select the Copy button on a code block to copy the code.

  3. Paste the code into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux or by selecting Cmd+Shift+V on macOS.

  4. Select Enter to run the code.

This sample requires the AzureAD V2 PowerShell for Graph module preview version (AzureADPreview).

Sample script

# This sample script gets all Azure AD Application Proxy applications that have an Azure AD policy (token lifetime) assigned and shows the policy details.
# Reference:
# Configurable token lifetimes in Azure Active Directory (Preview)
# This script requires PowerShell 5.1 (x64) and the following module:
#     AzureADPreview
# Before you begin:
#    Run Connect-AzureAD to connect to the tenant domain.
#    Required Azure AD role: Global Administrator or Application Administrator
Write-Host "Reading service principals. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"

$aadapServPrinc = Get-AzureADServicePrincipal -Top 100000 | where-object {$_.Tags -Contains "WindowsAzureActiveDirectoryOnPremApp"}  

Write-Host "Reading Azure AD applications. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"

$allApps = Get-AzureADApplication -Top 100000 

Write-Host "Displaying Azure AD Application Proxy applications with assigned Azure AD policies" -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " " 

foreach ($item in $aadapServPrinc) { 
 # Look up any policy assigned to this Application Proxy service principal
 $policy=Get-AzureADServicePrincipalPolicy -Id $item.ObjectId 
 If (!([string]::IsNullOrEmpty($policy.Id))) {
   Write-Host ("")        
   $item.DisplayName + " (AppId: " + $item.AppId + ")" 
   Write-Host ("") 
   Write-Host ("Policy") 
   # Show the full details of the assigned policy
   Get-AzureADPolicy -Id $policy.Id | fl 
   Write-Host ("") 
 }
}

Write-Host ("")
Write-Host ("Finished.") -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host ("") 

Script explanation

| Command | Notes |
| --- | --- |
| Get-AzureADServicePrincipal | Gets a service principal. |
| Get-AzureADApplication | Gets an Azure AD application. |
| Get-AzureADPolicy | Gets a policy in Azure AD. |
| Get-AzureADServicePrincipalPolicy | Gets the policy of a service principal in Azure AD. |
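
To go from listing policies to reviewing them, the following added example (not part of the original sample script) parses the Definition strings of a token lifetime policy and flags settings that never expire or an access token lifetime above a threshold. The function name Test-TokenLifetimeDefinition, the flag labels, the one-hour threshold, and the sample definitions are assumptions constructed for illustration.

```powershell
# Added example: not part of the original sample script.
# Assumption: each Definition entry is a JSON string such as
#   {"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"02:00:00"}}
function Test-TokenLifetimeDefinition {
    param(
        [Parameter(Mandatory)] [string[]] $Definition,
        # Review threshold chosen for illustration; set it to your own baseline.
        [timespan] $MaxAccessTokenLifetime = [timespan]::FromHours(1)
    )
    foreach ($json in $Definition) {
        $settings = ($json | ConvertFrom-Json).TokenLifetimePolicy
        if ($null -eq $settings) { continue }   # not a token lifetime definition
        foreach ($prop in $settings.PSObject.Properties) {
            if ($prop.Name -eq 'Version') { continue }
            $value  = [string]$prop.Value
            $parsed = [timespan]::Zero
            $flag   = 'OK'
            if ($value -eq 'until-revoked') {
                $flag = 'NeverExpires'
            } elseif (-not [timespan]::TryParse($value, [ref]$parsed)) {
                $flag = 'Unparsed'
            } elseif ($prop.Name -eq 'AccessTokenLifetime' -and
                      $parsed -gt $MaxAccessTokenLifetime) {
                $flag = 'ExceedsThreshold'
            }
            [pscustomobject]@{ Setting = $prop.Name; Value = $value; Flag = $flag }
        }
    }
}

# Constructed sample input. Against a tenant, pass
# (Get-AzureADPolicy -Id $policy.Id).Definition instead.
$sampleDefinition = @(
    '{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"08:00:00","MaxInactiveTime":"30.00:00:00"}}',
    '{"TokenLifetimePolicy":{"Version":1,"MaxAgeSingleFactor":"until-revoked"}}'
)
Test-TokenLifetimeDefinition -Definition $sampleDefinition | Format-Table -AutoSize
```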

Next steps

For more information on the Azure AD PowerShell module, see Azure AD PowerShell module overview.

For other PowerShell examples for Application Proxy, see Azure AD PowerShell examples for Azure AD Application Proxy.