Last active
May 10, 2023 19:38
-
-
Save svarukala/64ade1ca6f73a9d18236582e8770d1d4 to your computer and use it in GitHub Desktop.
Outputs list of all Azure AD Apps along with their expiration date, display name, owner email, credentials (passwordcredentials or keycredentials), start date, key id and usage. Useful to know the apps that are expiring and take action (renew). Since Azure AD PowerShell is being deprecated in favor of Microsoft Graph PowerShell SDK, I created a …
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Requires Azure AD PowerShell Module | |
| #Prompts user to login using Azure Credentials | |
| Connect-AzureAD | |
| $results = @() | |
| Get-AzureADApplication -All $true | %{ | |
| $app = $_ | |
| $owner = Get-AzureADApplicationOwner -ObjectId $_.ObjectID -Top 1 | |
| $app.PasswordCredentials | | |
| %{ | |
| $results += [PSCustomObject] @{ | |
| CredentialType = "PasswordCredentials" | |
| DisplayName = $app.DisplayName; | |
| ExpiryDate = $_.EndDate; | |
| StartDate = $_.StartDate; | |
| KeyID = $_.KeyId; | |
| Type = 'NA'; | |
| Usage = 'NA'; | |
| Owners = $owner.UserPrincipalName; | |
| } | |
| } | |
| $app.KeyCredentials | | |
| %{ | |
| $results += [PSCustomObject] @{ | |
| CredentialType = "KeyCredentials" | |
| DisplayName = $app.DisplayName; | |
| ExpiryDate = $_.EndDate; | |
| StartDate = $_.StartDate; | |
| KeyID = $_.KeyId; | |
| Type = $_.Type; | |
| Usage = $_.Usage; | |
| Owners = $owner.UserPrincipalName; | |
| } | |
| } | |
| } | |
| $results | FT -AutoSize | |
| # Optionally export to a CSV file | |
| #$results | Export-Csv -Path "AppsInventory.csv" -NoTypeInformation |
//az ad sp list --all
az ad sp list --all --query "[?passwordCredentials[0].endDate<='$(date -d "+60 days" +%Y-%m-%d)'||keyCredentials[0].endDate<='$(date -d "+300 days" +%Y-%m-%d)'].{SP_AppId:appId,PwdExpiryDate:passwordCredentials[0].endDate, Key_Expiry_Date:keyCredentials[0].endDate,Display_Name:displayName,Account_Type: objectType}" -o table
Another option that leverages the newer Az.Resources module is available here:
https://gist.github.com/GuyPaddock/c3e0fbb1e3724822c77e35a83160af52
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Since Azure AD PowerShell is being deprecated in favor of Microsoft Graph PowerShell SDK, I created a new MS Graph script that is equivalent to this script. You can find it here:
https://pnp.github.io/script-samples/aad-apps-expired-keys/README.html?tabs=graphps