This PowerShell Automation Runbook script fetches the details of all the apps registered/created within Microsoft Entra ID (Azure AD).
<#################################################################################
Author: Neeraj Kumar
Description: This PowerShell Automation Runbook script fetches the details of all the apps registered/created within Microsoft Entra ID (Azure AD). The result is finally output to a folder within a SharePoint document library.
Please create all the variables with their values in the shared resources inside variables within the Automation Account before use.
#################################################################################>
# Variables from the Azure Automation Account (Shared Resources -> Variables).
# All three are read once at script start and consumed by the SharePoint functions.
$Global:spSiteUrl     = Get-AutomationVariable -Name 'SharePointSiteUrl'
$Global:spSiteName    = Get-AutomationVariable -Name 'SharePointSiteName'
$Global:spLibraryName = Get-AutomationVariable -Name 'TenantDocumentLibraryName'

# Operator-facing notice text. Stored as a single string (equivalent to the
# two fragments joined with a space).
$Messages = @{
    DurationNotice = @{
        Info = 'The operation is running and will take longer the more applications the tenant has... Please wait...'
    }
}
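#######################################
# Collects every application registration in the tenant together with its
# client secrets (passwordCredentials) and certificates (keyCredentials),
# one row per credential, then hands the rows to WritetoSharePoint.
# Globals:  $Global:Logs (written) - array of [PSCustomObject] report rows
# Requires: an established Connect-MgGraph session (see ConnectToGraph)
# Outputs:  the 'staleApps' directory recommendation objects (unchanged behaviour)
#######################################
function GetApplicationDetailsusingGraph {
    $Now = Get-Date

    # Days from $Now until $End, or $null when the credential carries no expiry.
    # EndDateTime is nullable on the SDK model and subtracting from $null throws.
    function Get-RemainingDays($End, [datetime] $Now) {
        if ($null -eq $End) { return $null }
        return ($End - $Now).Days
    }

    # Get-MgApplication already returns passwordCredentials and keyCredentials
    # for each app, so the per-app REST call (and the separate bearer token it
    # needed) is unnecessary. Only key metadata is returned, never secret values.
    $Applications = Get-MgApplication -All

    $staleApps = Get-MgBetaDirectoryRecommendation -Filter "recommendationType eq 'staleApps'"
    #Get-MgBetaDirectoryRecommendationImpactedResource -RecommendationId $staleApps.Id
    Write-Output $staleApps

    # Accumulate into a List: '+=' on an array re-allocates on every append.
    $rows = [System.Collections.Generic.List[object]]::new()

    foreach ($App in $Applications) {
        $AppName      = $App.DisplayName
        $ApplID       = $App.AppId
        $AppCreatedOn = $App.CreatedDateTime

        $Owner    = Get-MgApplicationOwner -ApplicationId $App.Id
        $Username = $Owner.AdditionalProperties.userPrincipalName -join ';'
        $OwnerID  = $Owner.Id -join ';'

        foreach ($Secret in $App.PasswordCredentials) {
            $rows.Add([PSCustomObject]@{
                'ApplicationName'               = $AppName
                'ApplicationID'                 = $ApplID
                'CreatedDateTime'               = $AppCreatedOn
                # Previously read an undefined variable and always came out empty.
                'SecretName'                    = $Secret.DisplayName
                'SecretStartDate'               = $Secret.StartDateTime
                'SecretEndDate'                 = $Secret.EndDateTime
                'SecretKeyID'                   = $Secret.KeyId
                'SecretRemainingDayscount'      = Get-RemainingDays $Secret.EndDateTime $Now
                'CertificateName'               = $null
                'CertificateStartDate'          = $null
                'CertificateEndDate'            = $null
                'CertificateKeyID'              = $null
                # Previously leaked the count from the last certificate processed.
                'CertificateRemainingDayscount' = $null
                'Owner'                         = $Username
                'OwnerObjectID'                 = $OwnerID
            })
        }

        foreach ($Cert in $App.KeyCredentials) {
            $rows.Add([PSCustomObject]@{
                'ApplicationName'               = $AppName
                'ApplicationID'                 = $ApplID
                'CreatedDateTime'               = $AppCreatedOn
                'SecretName'                    = $null
                'SecretStartDate'               = $null
                'SecretEndDate'                 = $null
                'SecretKeyID'                   = $null
                'SecretRemainingDayscount'      = $null
                'CertificateName'               = $Cert.DisplayName
                'CertificateStartDate'          = $Cert.StartDateTime
                'CertificateEndDate'            = $Cert.EndDateTime
                'CertificateKeyID'              = $Cert.KeyId
                'CertificateRemainingDayscount' = Get-RemainingDays $Cert.EndDateTime $Now
                'Owner'                         = $Username
                'OwnerObjectID'                 = $OwnerID
            })
        }
    }

    # Keep the global as a plain array, which is what WritetoSharePoint pipes.
    $Global:Logs = $rows.ToArray()
    WritetoSharePoint
}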
# Function to sign in to Microsoft Graph and obtain a token
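#######################################
# Signs in to Microsoft Graph for the Get-Mg* cmdlets and builds a bearer
# header for any direct REST calls.
# Globals:  $global:accessToken (written) - hashtable usable as -Headers
# Reads Automation variables: TenantId, ClientId, ClientSecret, CERT_THUMBPRINT
# Throws:   re-throws any failure so main does not continue unauthenticated
#######################################
Function ConnectToGraph() {
    try {
        $tenantId       = Get-AutomationVariable -Name 'TenantId'
        $clientId       = Get-AutomationVariable -Name 'ClientId'
        # Keep this one as an *encrypted* Automation variable.
        $clientSecret   = Get-AutomationVariable -Name 'ClientSecret'
        $certThumbprint = Get-AutomationVariable -Name 'CERT_THUMBPRINT'

        # Certificate-based app-only sign-in for the Graph SDK cmdlets.
        # -ErrorAction Stop makes a non-terminating failure reach the catch block.
        Connect-MgGraph -ClientId $clientId -TenantId $tenantId -CertificateThumbprint $certThumbprint -NoWelcome -ErrorAction Stop

        # Client-credentials token for direct Invoke-RestMethod calls to Graph.
        # NOTE(review): only code that bypasses the SDK needs this; if nothing does,
        # this block and the ClientSecret variable can be removed in favour of the
        # certificate session above.
        $tokenBody = @{
            grant_type    = 'client_credentials'
            client_id     = $clientId
            client_secret = $clientSecret
            scope         = 'https://graph.microsoft.com/.default'
        }
        $oauth = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -Body $tokenBody -ErrorAction Stop

        # Keep the header form. The old code then overwrote it with the bare token
        # string, which Invoke-RestMethod -Headers cannot use.
        $global:accessToken = @{ 'Authorization' = "$($oauth.token_type) $($oauth.access_token)" }
    }
    catch {
        Write-Error $_
        Write-Output "Error in connecting to Microsoft Graph"
        # Stop here rather than letting the later Graph calls fail obscurely.
        throw
    }
}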
# Authenticate to SharePoint Online
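#######################################
# Opens the PnP PowerShell connection used by WritetoSharePoint.
# Globals:  $Global:spSiteUrl, $Global:spSiteName (read)
# Reads Automation credential: 'SharePoint' (username/password)
# Throws:   re-throws on failure so the run stops before the upload step
#######################################
function ConnectToSharePoint {
    try {
        $spCredentials = Get-AutomationPSCredential -Name "SharePoint"
        # NOTE(review): this is a username/password sign-in; an app-only certificate
        # connection would avoid storing a user password in the account - confirm
        # what the tenant's authentication policy allows.
        # -ErrorAction Stop makes a non-terminating failure reach the catch block.
        Connect-PnPOnline -Url "$Global:spSiteUrl/sites/$Global:spSiteName" -Credential $spCredentials -ErrorAction Stop
        Write-Output "inside connect to sharepoint: $Global:spSiteUrl/sites/$Global:spSiteName"
    }
    catch {
        # Previously only a Write-Host message was printed and the run carried on
        # to the upload; surface the real error and stop.
        Write-Error $_
        Write-Host "Unable to connect to SharePoint Online.."
        throw
    }
}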
# Export the collected rows to CSV and upload the file to SharePoint
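#######################################
# Exports $Global:Logs to a CSV in $env:TEMP, uploads it to the tenant
# document library and removes the local copy.
# Globals:  $Global:Logs, $Global:spSiteUrl, $Global:spSiteName,
#           $Global:spLibraryName (read)
# Reads Automation variable: TenantReport (CSV file name)
# Requires: an established Connect-PnPOnline session (see ConnectToSharePoint)
#######################################
function WritetoSharePoint {
    $csvFileName = Get-AutomationVariable -Name 'TenantReport'
    Write-Output $csvFileName

    # Export-Csv writes no file for empty input, so Add-PnPFile would then fail
    # on a missing path. Report and return instead.
    if (-not $Global:Logs -or @($Global:Logs).Count -eq 0) {
        Write-Output "No rows to export; skipping upload."
        return
    }

    # NOTE(review): the uploaded file inherits the local '2.' prefix because
    # Add-PnPFile uses the local file name - confirm this is intended.
    $tempFilePath = "$env:TEMP\2.$csvFileName"
    try {
        # Export to CSV locally
        $Global:Logs | Export-Csv -Path $tempFilePath -NoTypeInformation

        # Upload to SharePoint
        $FolderObject = Get-PnPFolder -Url "$Global:spSiteUrl/sites/$Global:spSiteName/$Global:spLibraryName"
        Add-PnPFile -Path $tempFilePath -Folder $FolderObject
    }
    finally {
        # Clean up the local file even when the upload throws: the report holds
        # credential metadata (key ids, expiry dates) and should not linger in
        # the sandbox.
        if (Test-Path -Path $tempFilePath) {
            Remove-Item -Path $tempFilePath -Force
        }
    }
}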
#######################################
# Entry point: sign in to Graph and SharePoint, then collect the application
# credential report and publish it (GetApplicationDetailsusingGraph calls
# WritetoSharePoint itself).
#######################################
function main
{
    ConnectToGraph
    ConnectToSharePoint
    GetApplicationDetailsusingGraph
}

main