Sometimes you don’t want to remove an application from Microsoft Entra ID; instead, you want to prevent it from accessing protected resources. Deactivating the application keeps its configuration, so you can activate it again whenever you need. In this article, you will learn how to deactivate an application in Microsoft Entra ID.
Deactivate application in Microsoft Entra ID
To deactivate an application in Microsoft Entra ID using the Microsoft Entra admin center, follow these steps:
- Sign in to Microsoft Entra admin center as a Global Administrator.
- Click on Entra ID > App registrations > All applications.
- Select the application.


- Click on Deactivate in the toolbar.
- Confirm by clicking on Deactivate.


- Verify that the application is deactivated.


You can always activate the application by clicking Activate in the toolbar and confirming with Activate.


Deactivate application in Microsoft Entra ID with PowerShell
To deactivate an application in Microsoft Entra ID using PowerShell, follow these steps:
Step 1. Install Microsoft Graph PowerShell
Run Windows PowerShell as administrator and install Microsoft Graph PowerShell.
Install both the Microsoft Graph PowerShell and the beta version. That’s because you need to use the beta cmdlet to retrieve the information.
Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force
Important: Always update to the latest Microsoft Graph PowerShell module version before you run a cmdlet or script to prevent errors and incorrect results.
Step 2. Connect to Microsoft Graph PowerShell
Connect to Microsoft Graph PowerShell with the required scopes.
Connect-MgGraph -Scopes "Application.ReadWrite.All"
Enter your global administrator credentials and accept the Microsoft Graph permissions request.
Step 3. Deactivate Microsoft Entra ID application
Deactivate the application in Microsoft Entra ID using the Update-MgApplication cmdlet.
Update-MgApplication -ApplicationId "0b0024fc-49c4-46b6-89fb-6a34b44fb652" -BodyParameter @{isDisabled = $true}
Verify that the application is in a deactivated state using the Get-MgApplication cmdlet.
Get-MgApplication -ApplicationId "0b0024fc-49c4-46b6-89fb-6a34b44fb652" | Select-Object DisplayName, @{N = 'IsDisabled'; E = { $_.AdditionalProperties['isDisabled'] } }
Get all the deactivated applications in Microsoft Entra ID.
Get-MgApplication -Filter "isDisabled eq true" | Select-Object DisplayName, AppId
You can always activate the application in Microsoft Entra ID.
Update-MgApplication -ApplicationId "0b0024fc-49c4-46b6-89fb-6a34b44fb652" -BodyParameter @{isDisabled = $false}
That’s it!
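Because deactivation keeps the application configuration and the app can be activated again at any time, it is worth checking which deactivated apps still hold unexpired secrets or certificates. The following is an added example, not code from the original article: the function name Get-DeactivatedAppCredential and the sample objects are hypothetical, and it assumes the application objects expose PasswordCredentials and KeyCredentials as Get-MgApplication returns them.

```powershell
# Added example: list unexpired credentials on deactivated applications.
function Get-DeactivatedAppCredential {
    [CmdletBinding()]
    param(
        # Application objects, e.g. from Get-MgApplication -Filter "isDisabled eq true"
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Application,

        # Reference time (a parameter so the sample run is reproducible)
        [datetime]$AsOf = (Get-Date).ToUniversalTime()
    )
    process {
        $sets = [ordered]@{
            Secret      = $Application.PasswordCredentials
            Certificate = $Application.KeyCredentials
        }
        foreach ($type in $sets.Keys) {
            foreach ($cred in @($sets[$type])) {
                if ($null -eq $cred) { continue }   # no credentials of this type
                if ($cred.EndDateTime -and $cred.EndDateTime -le $AsOf) { continue }   # already expired
                [pscustomobject]@{
                    DisplayName    = $Application.DisplayName
                    AppId          = $Application.AppId
                    CredentialType = $type
                    KeyId          = $cred.KeyId
                    EndDateTime    = $cred.EndDateTime
                }
            }
        }
    }
}

# Constructed sample objects (not tenant data), shaped like Get-MgApplication output.
$sample = @(
    [pscustomobject]@{
        DisplayName         = 'Sample App A'
        AppId               = '00000000-0000-0000-0000-00000000000a'
        PasswordCredentials = @(
            [pscustomobject]@{ KeyId = 'secret-1'; EndDateTime = [datetime]'2031-01-01' }
            [pscustomobject]@{ KeyId = 'secret-2'; EndDateTime = [datetime]'2020-01-01' }
        )
        KeyCredentials      = @([pscustomobject]@{ KeyId = 'cert-1'; EndDateTime = [datetime]'2030-06-30' })
    }
    [pscustomobject]@{ DisplayName = 'Sample App B'; AppId = '00000000-0000-0000-0000-00000000000b'
                       PasswordCredentials = @(); KeyCredentials = $null }
)
$sample | Get-DeactivatedAppCredential -AsOf ([datetime]'2026-01-01') | Format-Table -AutoSize
```

Against a tenant, pipe the unselected output of Get-MgApplication -Filter "isDisabled eq true" -All into the function instead of $sample.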
Conclusion
You’ve learned how to deactivate an application in Microsoft Entra ID. This can be done through the Microsoft Entra admin center or by using Microsoft Graph PowerShell. Deactivating an app is useful when you want to prevent it from accessing protected resources or obtaining new access tokens. Keep in mind that existing tokens remain valid, and the app still appears in the Enterprise apps list for tenants.

