A script to retrieve Entra App Registration Password Credential Status in one quick view.
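<#
.SYNOPSIS
    A script to retrieve Entra App Registration Password Credential Status in a list of app registrations
.DESCRIPTION
    Step 1. Execute the script without the ConfigFilePath parameter. This will produce a list of app registrations in the tenant
    Step 2. Save the output to a file and then edit the file to include only the app registrations you want a report on.
    Step 3. Execute the script using the file you just edited.
.PARAMETER TenantId
    The Azure Tenant ID that contains the App Registrations. This is a GUID.
.PARAMETER ConfigFilePath
    The config file must be a csv formatted text file. The csv file must contain columns named 'ID' and 'DisplayName'
.PARAMETER GetByDisplayName
    Look each app registration up by the 'DisplayName' column instead of the 'ID' column.
    Display names are not unique in a tenant, so one row may report several app registrations.
.EXAMPLE
    .\AppRegCredentialStatus.ps1 "13bd24ac-aaaa-bbbb-cccc-19a6e5f635c3" > config.csv
    .\AppRegCredentialStatus.ps1 "13bd24ac-aaaa-bbbb-cccc-19a6e5f635c3" -ConfigFilePath config.csv
.NOTES
    Calling the script without a config file will cause the script to retrieve the first 100 app registrations
    in the tenant and output the properties in the correct format for a config file.

    The report shows, per app registration, only the password credential (client secret) with the
    latest end date. Other secrets on the same app registration, including expired ones that were
    never removed, and certificate credentials are not listed.
#>
Param(
    [Parameter(Mandatory)]
    [string]$TenantId,
    [string]$ConfigFilePath,
    [switch]$GetByDisplayName
)

# Application.Read.All is a read-only scope, which is all this report needs.
# Stop here if sign-in fails; every later Graph call would fail anyway.
Connect-MgGraph -TenantId $TenantId -Scopes 'Application.Read.All' -NoWelcome -ErrorAction Stop

# Mode 1: no config file given, so emit a CSV listing that can be edited into a config file.
if ([string]::IsNullOrWhiteSpace($ConfigFilePath)) {
    $SelectList = @("Id", "DisplayName", "PublisherDomain", "AppId", "SignInAudience") # ID is required, the rest are nice
    Get-MgApplication -Property $SelectList | Select-Object $SelectList | ConvertTo-Csv
    Exit
}

# Mode 2: report on the app registrations named in the config file.
if (-not (Test-Path $ConfigFilePath -PathType Leaf)) {
    Write-Error "$ConfigFilePath does not exist"
    # Non-zero exit code so a calling script or scheduled job can detect the failure.
    Exit 1
}

$AppRegs = Get-Content $ConfigFilePath | ConvertFrom-Csv
$PropertyList = @("Id", "DisplayName", "AppId", "PasswordCredentials")

Write-Host "------------------------------------------------------------`r`n" -ForegroundColor Cyan
ForEach ($Row in $AppRegs) {
    If ($GetByDisplayName) {
        If ([string]::IsNullOrWhiteSpace($Row.DisplayName)) {
            Write-Warning "Skipping a config row with an empty DisplayName"
            Continue
        }
        # The display name comes from an editable file and is placed inside an OData
        # string literal. A single quote in the name would end the literal early and
        # change or break the filter, so escape it by doubling it.
        $EscapedName = "$($Row.DisplayName)".Replace("'", "''")
        $FoundApps = @(Get-MgApplication -Property $PropertyList -Filter "DisplayName eq '$EscapedName'")
    } Else {
        If ([string]::IsNullOrWhiteSpace($Row.ID)) {
            Write-Warning "Skipping config row '$($Row.DisplayName)' because the ID column is empty"
            Continue
        }
        $FoundApps = @(Get-MgApplication -Property $PropertyList -ApplicationId $Row.ID)
    }

    If ($FoundApps.Count -eq 0) {
        # Say so explicitly; an empty report entry could be mistaken for "no secrets".
        Write-Warning "No app registration found for '$($Row.DisplayName)' [Id: $($Row.ID)]"
        Continue
    }

    # A display-name lookup can match more than one app registration; report each one.
    ForEach ($App in $FoundApps) {
        Write-Host "App Name: $($App.DisplayName) [Client Id: $($App.AppId)]" -ForegroundColor Yellow

        # Add a formatted date for display. Guard against a missing end date so one
        # unusual credential does not abort the report for this app registration.
        $Credentials = @($App.PasswordCredentials | Where-Object { $null -ne $_ })
        ForEach ($Credential in $Credentials) {
            If ($null -ne $Credential.EndDateTime) {
                $EndDateText = $Credential.EndDateTime.ToString("yyyy-MM-dd")
            } Else {
                $EndDateText = "(no end date)"
            }
            Add-Member -InputObject $Credential -NotePropertyName "DisplayEndDate" -NotePropertyValue $EndDateText
        }

        # Only the credential with the latest end date is shown. KeyId identifies the
        # credential; it is not the secret value.
        $Credentials |
            Sort-Object EndDateTime |
            Select-Object -Last 1 |
            Format-Table -Property @{Expression=" "}, DisplayName, DisplayEndDate, KeyId -HideTableHeaders

        Write-Host "------------------------------------------------------------`r`n" -ForegroundColor Cyan
    }
}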