Use the "Az" PowerShell module to export Azure AD secret expiration dates to CSV.
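##
# @file
# Check the expiration dates for all Azure AD App Registration Secrets.
#
# All applications that have secrets or certificates that have expired or that
# will expire in the next $Days days (60 by default) are exported to CSV.
#
# Adapted from:
# https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/scripts/powershell-export-apps-with-expriring-secrets
#
# This version leverages the "Az.Resources" module (from the "Az" module)
# instead of the "AzureAD" module, as the latter does not include the ability to
# get the display name of each secret.
#
# You must have the Az module installed; this script was written against
# version 9.7.1.
#
# Only credential metadata (key ID, display name, start/end dates) is read and
# written to the CSV; no secret value is ever read, so the output file does not
# itself contain secrets.
#
# Usage: .\<this-script>.ps1 [-Days <int>]
#
#Requires -Modules Az.Resources

param(
    ## Look-ahead window, in whole days. Credentials whose end date falls within
    ## this many days of now -- or that have already expired -- are reported.
    ## Defaults to 60 to match the original script.
    [int]$Days = 60
)

##
# Builds one CSV row for a single credential.
#
# Every row carries the same ten columns, in the same order, regardless of
# whether it describes a secret or a certificate. Export-Csv takes the header
# from the first object it sees, so any per-kind difference in property names
# (the original used both "ApplicationID" and "Application ID") silently loses
# that column for every row of the other kind.
#
# @param ApplicationName  Display name of the app registration.
# @param ApplicationId    Object ID of the app registration.
# @param Credential       A PasswordCredential (secret) or KeyCredential
#                         (certificate) object from Get-AzADApplication.
# @param IsCertificate    $true to fill the "Certificate *" columns, $false for
#                         the "Secret *" columns.
# @return A PSCustomObject suitable for Export-Csv.
function New-ExpiryRow {
    param(
        [string]$ApplicationName,
        [string]$ApplicationId,
        $Credential,
        [bool]$IsCertificate
    )

    $row = [ordered]@{
        'ApplicationName'         = $ApplicationName
        'Application ID'          = $ApplicationId
        'Secret ID'               = $null
        'Secret Description'      = $null
        'Secret Start Date'       = $null
        'Secret End Date'         = $null
        'Certificate ID'          = $null
        'Certificate Description' = $null
        'Certificate Start Date'  = $null
        'Certificate End Date'    = $null
    }

    $prefix = if ($IsCertificate) { 'Certificate' } else { 'Secret' }

    # KeyId is the per-credential identifier on both the Graph-based Az models
    # and the legacy AzureAD ones. The original read an unassigned "$SecretId"
    # variable (always empty) for secrets and ".ObjectId" for certificates;
    # NOTE(review): ObjectId does not appear to be a credential property --
    # confirm against Az 9.7.1 if the "Certificate ID" column looks wrong.
    $row["$prefix ID"]          = $Credential.KeyId
    $row["$prefix Description"] = $Credential.DisplayName
    $row["$prefix Start Date"]  = $Credential.StartDateTime
    $row["$prefix End Date"]    = $Credential.EndDateTime

    return [PSCustomObject]$row
}

##
# Emits one CSV row for each credential in $Credentials that has expired or
# expires within $Days days of $Now.
#
# @param ApplicationName  Display name of the app registration.
# @param ApplicationId    Object ID of the app registration.
# @param Credentials      PasswordCredentials or KeyCredentials of the app;
#                         may be $null, a single object, or a collection.
# @param IsCertificate    $true when $Credentials are KeyCredentials.
# @param Now              Reference time, captured once by the caller so every
#                         row is judged against the same instant.
# @param Days             Size of the look-ahead window in whole days.
# @return Zero or more PSCustomObjects from New-ExpiryRow.
function Get-ExpiringCredentialRows {
    param(
        [string]$ApplicationName,
        [string]$ApplicationId,
        $Credentials,
        [bool]$IsCertificate,
        [datetime]$Now,
        [int]$Days
    )

    $kind = if ($IsCertificate) { 'certificate' } else { 'secret' }

    # foreach over $null iterates zero times, so a missing property is safe.
    foreach ($credential in $Credentials) {
        if ($null -eq $credential.EndDateTime) {
            # The original subtracted from a null end date, which errors; warn
            # instead so these credentials are not silently dropped.
            Write-Warning "Skipping $kind '$($credential.DisplayName)' on '$ApplicationName': no end date."
            continue
        }

        # TimeSpan.Days truncates toward zero, matching the original script:
        # a credential 60.9 days out still counts as "within 60 days", and an
        # already-expired one yields a negative value that is also -le $Days.
        $daysUntilExpiration = ([datetime]$credential.EndDateTime - $Now).Days
        if ($daysUntilExpiration -le $Days) {
            New-ExpiryRow -ApplicationName $ApplicationName `
                          -ApplicationId $ApplicationId `
                          -Credential $credential `
                          -IsCertificate $IsCertificate
        }
    }
}

Connect-AzAccount

$applications = Get-AzADApplication

# Capture the clock once so every row is judged against the same instant.
$currentTime = Get-Date

# Collecting loop output into the variable avoids the O(n^2) array copy that
# "$csvRows += $csvRow" performed on every append.
$csvRows = foreach ($application in $applications) {
    $appName = $application.DisplayName

    # The Graph-based models returned by Az.Resources expose the object ID as
    # "Id"; the pre-Graph PSADApplication model used "ObjectId" (which is what
    # the original read unconditionally). Prefer "Id" and fall back so that the
    # "Application ID" column is populated on either model.
    $appId = if ($null -ne $application.PSObject.Properties['Id']) {
        $application.Id
    } else {
        $application.ObjectId
    }

    Get-ExpiringCredentialRows -ApplicationName $appName -ApplicationId $appId `
                               -Credentials $application.PasswordCredentials `
                               -IsCertificate $false -Now $currentTime -Days $Days

    Get-ExpiringCredentialRows -ApplicationName $appName -ApplicationId $appId `
                               -Credentials $application.KeyCredentials `
                               -IsCertificate $true -Now $currentTime -Days $Days
}

# A single result comes back as a scalar; normalise so .Count is meaningful.
$csvRows = @($csvRows)

if ($csvRows.Count -eq 0) {
    # Export-Csv writes nothing for empty input, so the original would have
    # claimed a file was written that does not exist.
    Write-Host "No App Registration secrets or certificates expire within $Days days; nothing exported." -ForegroundColor Yellow
    return
}

$exportTimestamp = Get-Date -Format "yyyy-MM-ddTHH-mm-ss"

# $MyInvocation resolves the script's own location when run as a file;
# NOTE(review): when pasted into an interactive session this is not a path.
$scriptPath = Split-Path -Parent $MyInvocation.MyCommand.Definition

# Join-Path instead of a literal backslash keeps the path valid on PowerShell 7
# running on Linux/macOS as well as Windows.
$path = Join-Path $scriptPath "AzureAdAppSecretExpiry-$exportTimestamp.csv"

$csvRows | Export-Csv -Path $path -NoTypeInformation -Encoding UTF8

Write-Host "App Registration expiry information has been written to $path" -ForegroundColor Green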