GuyPaddock/CheckAzureAdAppSecretExpiry.ps1

## CheckAzureAdAppSecretExpiry.ps1
##
# @file
# Check the expiration dates for all Azure AD App Registration Secrets.
#
# All applications that have secrets that have expired or that will expire in
# the next 60 days are exported to CSV.
#
# Adapted from:
# https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/scripts/powershell-export-apps-with-expriring-secrets
#
# This version leverages the "Az.Resources" module (from the "Az" module)
# instead of the "AzureAD" module, as the latter does not include the ability to
# get the display name of each secret.
#
# You must have the Az module installed; this script was written against
# version 9.7.1.
#

Connect-AzAccount

$applications = Get-AzADApplication
$csvRows = @()
$days = 60
$currentTime = Get-Date

foreach ($application in $applications) {
  $appName = $application.DisplayName
  $appId = $application.ObjectId

  $appSecrets = $application | Select-Object -ExpandProperty PasswordCredentials
  $appCerts = $application | Select-Object -ExpandProperty KeyCredentials

  foreach ($appSecret in $appSecrets) {
    $secretDescription = $appSecret.DisplayName
    $secretStartDate = $appSecret.StartDateTime
    $secretEndDate = $appSecret.EndDateTime

    $secondsUntilExpiration = $secretEndDate - $currentTime
    $daysUntilExpiration = $secondsUntilExpiration.Days

    if ($daysUntilExpiration -le $days) {
      $csvRow = New-Object System.Object

      $csvRow | Add-Member -MemberType NoteProperty -Name "ApplicationName" -Value $appName
      $csvRow | Add-Member -MemberType NoteProperty -Name "ApplicationID" -Value $appId

      $csvRow | Add-Member -MemberType NoteProperty -Name "Secret ID" -Value $SecretId
      $csvRow | Add-Member -MemberType NoteProperty -Name "Secret Description" -Value $secretDescription
      $csvRow | Add-Member -MemberType NoteProperty -Name "Secret Start Date" -Value $secretStartDate
      $csvRow | Add-Member -MemberType NoteProperty -Name "Secret End Date" -value $secretEndDate

      $csvRow | Add-Member -MemberType NoteProperty -Name "Certificate ID" -Value $null
      $csvRow | Add-Member -MemberType NoteProperty -Name "Certificate Description" -Value $null
      $csvRow | Add-Member -MemberType NoteProperty -Name "Certificate Start Date" -Value $null
      $csvRow | Add-Member -MemberType NoteProperty -Name "Certificate End Date" -value $null

      $csvRows += $csvRow
    }
  }

  foreach ($appCert in $appCerts) {
    $certId = $appCert.ObjectId
    $certDescription = $appCert.DisplayName
    $certStartDate = $appCert.StartDateTime
    $certEndDate = $appCert.EndDateTime

    $secondsUntilExpiration = $certEndDate - $currentTime
    $daysUntilExpiration = $secondsUntilExpiration.Days

    if ($daysUntilExpiration -le $days) {
      $csvRow = New-Object System.Object

      $csvRow | Add-Member -MemberType NoteProperty -Name "ApplicationName" -Value $appName
      $csvRow | Add-Member -MemberType NoteProperty -Name "Application ID" -Value $appId

      $csvRow | Add-Member -MemberType NoteProperty -Name "Secret ID" -Value $null
      $csvRow | Add-Member -MemberType NoteProperty -Name "Secret Description" -Value $null
      $csvRow | Add-Member -MemberType NoteProperty -Name "Secret Start Date" -Value $null
      $csvRow | Add-Member -MemberType NoteProperty -Name "Secret End Date" -value $null

      $csvRow | Add-Member -MemberType NoteProperty -Name "Certificate ID" -Value $certId
      $csvRow | Add-Member -MemberType NoteProperty -Name "Certificate Description" -Value $certDescription
      $csvRow | Add-Member -MemberType NoteProperty -Name "Certificate Start Date" -Value $certStartDate
      $csvRow | Add-Member -MemberType NoteProperty -Name "Certificate End Date" -value $certEndDate

      $csvRows += $csvRow
    }
  }
}

$exportTimestamp = Get-Date -Format "yyyy-MM-ddTHH-mm-ss"
$scriptPath = split-path -parent $MyInvocation.MyCommand.Definition
$path = "$scriptPath\AzureAdAppSecretExpiry-$exportTimestamp.csv"

$csvRows | Export-CSV $path -NoTypeInformation -Encoding UTF8
Write-host "App Registration expiry information has been written to $path" -ForegroundColor Green
	##
	# @file
	# Check the expiration dates for all Azure AD App Registration Secrets.
	#
	# All applications that have secrets that have expired or that will expire in
	# the next 60 days are exported to CSV.
	#
	# Adapted from:
	# https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/scripts/powershell-export-apps-with-expriring-secrets
	#
	# This version leverages the "Az.Resources" module (from the "Az" module)
	# instead of the "AzureAD" module, as the latter does not include the ability to
	# get the display name of each secret.
	#
	# You must have the Az module installed; this script was written against
	# version 9.7.1.
	#

	Connect-AzAccount

	$applications = Get-AzADApplication
	$csvRows = @()
	$days = 60
	$currentTime = Get-Date

	foreach ($application in $applications) {
	$appName = $application.DisplayName
	$appId = $application.ObjectId

	$appSecrets = $application \| Select-Object -ExpandProperty PasswordCredentials
	$appCerts = $application \| Select-Object -ExpandProperty KeyCredentials

	foreach ($appSecret in $appSecrets) {
	$secretDescription = $appSecret.DisplayName
	$secretStartDate = $appSecret.StartDateTime
	$secretEndDate = $appSecret.EndDateTime

	$secondsUntilExpiration = $secretEndDate - $currentTime
	$daysUntilExpiration = $secondsUntilExpiration.Days

	if ($daysUntilExpiration -le $days) {
	$csvRow = New-Object System.Object

	$csvRow \| Add-Member -MemberType NoteProperty -Name "ApplicationName" -Value $appName
	$csvRow \| Add-Member -MemberType NoteProperty -Name "ApplicationID" -Value $appId

	$csvRow \| Add-Member -MemberType NoteProperty -Name "Secret ID" -Value $SecretId
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Secret Description" -Value $secretDescription
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Secret Start Date" -Value $secretStartDate
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Secret End Date" -value $secretEndDate

	$csvRow \| Add-Member -MemberType NoteProperty -Name "Certificate ID" -Value $null
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Certificate Description" -Value $null
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Certificate Start Date" -Value $null
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Certificate End Date" -value $null

	$csvRows += $csvRow
	}
	}

	foreach ($appCert in $appCerts) {
	$certId = $appCert.ObjectId
	$certDescription = $appCert.DisplayName
	$certStartDate = $appCert.StartDateTime
	$certEndDate = $appCert.EndDateTime

	$secondsUntilExpiration = $certEndDate - $currentTime
	$daysUntilExpiration = $secondsUntilExpiration.Days

	if ($daysUntilExpiration -le $days) {
	$csvRow = New-Object System.Object

	$csvRow \| Add-Member -MemberType NoteProperty -Name "ApplicationName" -Value $appName
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Application ID" -Value $appId

	$csvRow \| Add-Member -MemberType NoteProperty -Name "Secret ID" -Value $null
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Secret Description" -Value $null
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Secret Start Date" -Value $null
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Secret End Date" -value $null

	$csvRow \| Add-Member -MemberType NoteProperty -Name "Certificate ID" -Value $certId
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Certificate Description" -Value $certDescription
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Certificate Start Date" -Value $certStartDate
	$csvRow \| Add-Member -MemberType NoteProperty -Name "Certificate End Date" -value $certEndDate

	$csvRows += $csvRow
	}
	}
	}

	$exportTimestamp = Get-Date -Format "yyyy-MM-ddTHH-mm-ss"
	$scriptPath = split-path -parent $MyInvocation.MyCommand.Definition
	$path = "$scriptPath\AzureAdAppSecretExpiry-$exportTimestamp.csv"

	$csvRows \| Export-CSV $path -NoTypeInformation -Encoding UTF8
	Write-host "App Registration expiry information has been written to $path" -ForegroundColor Green