How to view Azure Service Principal Group Memberships in Azure AD?

Question

I can't find a way to view all the group memberships of a service principal in Azure. I can of course see the service principal in the list of "Direct Members" from the perspective of the group.

For example:

myGroup123 has members -> Rob, John, and servicePrincipal9

If I look at "servicePrincipal9", I can't see that it is a member of "myGroup123"

Is there a way to find this info in the Portal? Via powershell? Via CLI?

Answer 1

Powershell approach via a MSFT support engineer:

Get-AzureADServicePrincipalMembership -ObjectId <String> [-All <Boolean>]

Documentation: https://learn.microsoft.com/en-us/powershell/module/azuread/get-azureadserviceprincipalmembership?view=azureadps-2.0

Answer 2

Get the group membership of a group for a service principal

$Groups = New-Object Microsoft.Open.AzureAD.Model.GroupIdsForMembershipCheck
$Groups.GroupIds = (Get-AzureADGroup -Top 1).ObjectId
$SPId = (Get-AzureADServicePrincipal -Top 1).ObjectId
Select-AzureADGroupIdsServicePrincipalIsMemberOf -ObjectId $SPId -GroupIdsForMembershipCheck $Groups

OdataMetadata                                                                                   Value
-------------                                                                                   -----
https://graph.windows.net/85b5ff1e-0402-400c-9e3c-0f9e965325d1/$metadata#Collection(Edm.String) {093fc0e2-1d6e-4a1b-9bf8-effa0196f1f7}

Kindly go through the document and check if it helps.

Get the groups and directory roles that this servicePrincipal is a member of. This operation is transitive and will include all groups that this service principal is a nested member of from the following document

Get the groups and directory roles that this servicePrincipal is a direct member of. This operation is not transitive. Check this document