Skip to content

Latest commit

 

History

History
132 lines (93 loc) · 5.54 KB

hide-application-from-user-portal.md

File metadata and controls

132 lines (93 loc) · 5.54 KB
Raw
title description author manager ms.service ms.subservice ms.topic ms.date ms.author ms.reviewer ms.collection zone_pivot_groups ms.custom
Hide an Enterprise application
How to hide an Enterprise application from user's experience in Microsoft Entra ID access portals or Microsoft 365 launchers.
omondiatieno
CelesteDG
entra-id
enterprise-apps
how-to
06/19/2024
jomondi
ergreenl, lenalepa
M365-identity-device-management
enterprise-apps-all
enterprise-apps, has-azure-ad-ps-ref

Hide an Enterprise application

Learn how to hide enterprise applications in Microsoft Entra ID. When an application is hidden, users still have permissions to the application.

Prerequisites

To hide an application from the My Apps portal and Microsoft 365 launcher, you need:

  • An Azure account with an active subscription. Create an account for free.
  • One of the following roles: Cloud Application Administrator, Application Administrator.
  • Global Administrator is required to hide all Microsoft 365 applications.

Hide an application from the end user

:::zone pivot="portal"

Use the following steps to hide an application from My Apps portal and Microsoft 365 application launcher.

  1. Sign in to the Microsoft Entra admin center as at least a cloud application administrator.
  2. Browse to Identity > Applications > Enterprise applications > All applications.
  3. Search for the application you want to hide, and select the application.
  4. In the left navigation pane, select Properties.
  5. Select No for the Visible to users? question.
  6. Select Save.

:::zone-end

Note

These instructions apply only to Enterprise applications.

:::zone pivot="aad-powershell"

To hide an application from the My Apps portal, using Azure AD PowerShell, you need to connect to Azure AD PowerShell and sign in as at least a Cloud Application Administrator. You can manually add the HideApp tag to the service principal for the application. Run the following Azure AD PowerShell commands to set the application's Visible to Users? property to No.

Connect-AzureAD

$objectId = "<objectId>"
$servicePrincipal = Get-AzureADServicePrincipal -ObjectId $objectId
$tags = $servicePrincipal.tags
$tags += "HideApp"
Set-AzureADServicePrincipal -ObjectId $objectId -Tags $tags

:::zone-end

:::zone pivot="ms-powershell"

To hide an application from the My Apps portal, using Microsoft Graph PowerShell, you need to connect to Microsoft Graph PowerShell and sign in as at least a Cloud Application Administrator. You can manually add the HideApp tag to the service principal for the application. Run the following Microsoft Graph PowerShell commands to set the application's Visible to Users? property to No.

Connect-MgGraph

$servicePrincipal = Get-MgServicePrincipal -ServicePrincipalId $objectId
$tags = $servicePrincipal.tags
$tags += "HideApp"
Update-MgServicePrincipal -ServicePrincipalID  $objectId -Tags $tags

:::zone-end

:::zone pivot="ms-graph"

To hide an enterprise application using Graph Explorer, you need to sign in as at least a Cloud Application Administrator.

Run the following queries.

  1. Get the application you want to hide.

    GET https://graph.microsoft.com/v1.0/servicePrincipals/00001111-aaaa-2222-bbbb-3333cccc4444

  2. Update the application to hide it from users.

    PATCH https://graph.microsoft.com/v1.0/servicePrincipals/00001111-aaaa-2222-bbbb-3333cccc4444/

    Supply the following request body.

    {
    "tags": [
    "HideApp"
    ]
}

    [!WARNING] If the application has other tags, you must include them in the request body. Otherwise, the query will overwrite them.

:::zone-end

:::zone pivot="portal"

Hide Microsoft 365 applications from the My Apps portal

[!INCLUDE portal updates]

Use the following steps to hide all Microsoft 365 applications from the My Apps portal. The applications are still visible in the Office 365 portal.

  1. Sign in to the Microsoft Entra admin center as a Global Administrator.

    [!IMPORTANT] Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

  2. Browse to Identity > Applications > Enterprise applications.
  3. Select App launchers under Manage menu items.
  4. Select Settings.
  5. Enable the option of Users can only see Microsoft 365 apps in the Microsoft 365 portal.
  6. Select Save.

:::zone-end

Next steps