This PowerShell Automation Runbook script fetches the details of all the apps registered/created within Microsoft Entra ID (Azure AD).
<#################################################################################
Author: Neeraj Kumar
Description: This PowerShell Automation Runbook script fetches the details of all the apps registered/created within Microsoft Entra ID (Azure AD). The result is finally written to a folder within a SharePoint document library.
Before use, create all the variables, with their values, under Shared Resources > Variables in the Automation Account.
#################################################################################>
# Variables from Azure Automation Account (Shared Resources > Variables).
# SharePoint target: site URL, site name and the document library the report is uploaded to.
$Global:spSiteUrl     = Get-AutomationVariable -Name 'SharePointSiteUrl'
$Global:spSiteName    = Get-AutomationVariable -Name 'SharePointSiteName'
$Global:spLibraryName = Get-AutomationVariable -Name 'TenantDocumentLibraryName'

# User-facing notices. Defined here but not referenced by any of the functions below.
$Messages = @{
    DurationNotice = @{
        Info = 'The operation is running and will take longer the more applications the tenant has... Please wait...'
    }
}
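# Builds one report row for a single credential of an application.
# $Kind selects which column group ('Secret' or 'Certificate') is populated; the other group is
# always $null so every row has the same 15 columns for Export-Csv. $Credential is one element of
# the passwordCredentials / keyCredentials array returned by Graph (displayName, startDateTime,
# endDateTime, keyId); Graph exposes only this metadata, never the secret value itself.
function New-CredentialRow {
    param(
        [Parameter(Mandatory)][ValidateSet('Secret', 'Certificate')][string]$Kind,
        [Parameter(Mandatory)]$Credential,
        [Parameter(Mandatory)][datetime]$Now,
        $AppName,
        $AppClientId,
        $AppCreatedOn,
        $OwnerUpn,
        $OwnerId
    )
    $endDate = $Credential.endDateTime
    # Cast defensively: depending on the host, Invoke-RestMethod may surface the timestamp as a string.
    $remainingDays = if ($null -ne $endDate) { ([datetime]$endDate - $Now).Days } else { $null }

    # [ordered] keeps the column order stable when the hashtable is converted to an object.
    $row = [ordered]@{
        'ApplicationName'               = $AppName
        'ApplicationID'                 = $AppClientId
        'CreatedDateTime'               = $AppCreatedOn
        'SecretName'                    = $null
        'SecretStartDate'               = $null
        'SecretEndDate'                 = $null
        'SecretKeyID'                   = $null
        'SecretRemainingDayscount'      = $null
        'CertificateName'               = $null
        'CertificateStartDate'          = $null
        'CertificateEndDate'            = $null
        'CertificateKeyID'              = $null
        'CertificateRemainingDayscount' = $null
        'Owner'                         = $OwnerUpn
        'OwnerObjectID'                 = $OwnerId
    }
    $row["${Kind}Name"]               = $Credential.displayName
    $row["${Kind}StartDate"]          = $Credential.startDateTime
    $row["${Kind}EndDate"]            = $endDate
    $row["${Kind}KeyID"]              = $Credential.keyId
    $row["${Kind}RemainingDayscount"] = $remainingDays
    return [PSCustomObject]$row
}

<#
.SYNOPSIS
    Builds the per-credential report for every application registration and hands it to WritetoSharePoint.
.DESCRIPTION
    Enumerates all applications with Get-MgApplication -All, resolves each application's owners, then reads
    the application's passwordCredentials and keyCredentials through the Graph REST endpoint. One row per
    credential is collected into $Global:Logs; an application with no secret and no certificate contributes
    no row. The staleApps directory recommendation is fetched and written to the output stream for
    information only; it is not joined onto the per-application rows.
.NOTES
    Relies on $global:accessToken being a header hashtable (Authorization: <type> <token>) as set by
    ConnectToGraph; Invoke-RestMethod -Headers rejects a bare token string. Do not write that variable to
    the output stream. The report holds credential metadata and key ids only, not reusable secret material.
#>
function GetApplicationDetailsusingGraph {
    $now          = Get-Date
    $applications = Get-MgApplication -All
    $staleApps    = Get-MgBetaDirectoryRecommendation -Filter "recommendationType eq 'staleApps'"
    #Get-MgBetaDirectoryRecommendationImpactedResource -RecommendationId $staleApps.Id
    Write-Output $staleApps

    # Accumulate in a List; `$array += $item` copies the whole array on every row.
    $rows = [System.Collections.Generic.List[object]]::new()
    foreach ($app in $applications) {
        $appObjectId = $app.Id
        $owner       = Get-MgApplicationOwner -ApplicationId $appObjectId

        # Fields shared by every row of this application, splatted into New-CredentialRow.
        $common = @{
            Now          = $now
            AppName      = $app.DisplayName
            AppClientId  = $app.AppId
            AppCreatedOn = $app.CreatedDateTime
            OwnerUpn     = $owner.AdditionalProperties.userPrincipalName -join ';'
            OwnerId      = $owner.Id -join ';'
        }

        # Single quotes keep '$select' literal for Graph instead of expanding it in PowerShell.
        $graphApiUri = 'https://graph.microsoft.com/v1.0/applications/' + $appObjectId + '?$select=id,appId,displayName,createdDateTime,keyCredentials,passwordCredentials'
        $report = Invoke-RestMethod -Method Get -Uri $graphApiUri -Headers $global:accessToken

        # foreach over $null runs zero times, so an app lacking one credential type needs no guard.
        foreach ($secret in $report.passwordCredentials) {
            $rows.Add((New-CredentialRow -Kind 'Secret' -Credential $secret @common))
        }
        foreach ($cert in $report.keyCredentials) {
            $rows.Add((New-CredentialRow -Kind 'Certificate' -Credential $cert @common))
        }
    }
    $Global:Logs = $rows.ToArray()
    WritetoSharePoint
}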
# Function to get token
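<#
.SYNOPSIS
    Authenticates to Microsoft Graph for both the Graph SDK cmdlets and the raw REST calls.
.DESCRIPTION
    Connect-MgGraph signs in with the app registration's certificate (thumbprint from the CERT_THUMBPRINT
    variable). The REST calls in GetApplicationDetailsusingGraph additionally need a bearer token, which is
    obtained with the client-credentials grant using the ClientSecret variable and stored in
    $global:accessToken as a ready-to-use header hashtable.
.NOTES
    Two credential types (certificate and client secret) are in play for the same app registration; keep
    ClientSecret as an encrypted Automation variable and never write $global:accessToken to the output stream.
    A failure here is fatal: the error is reported and rethrown so the runbook stops instead of continuing
    without a token.
#>
function ConnectToGraph {
    try {
        $tenantId       = Get-AutomationVariable -Name 'TenantId'
        $clientId       = Get-AutomationVariable -Name 'ClientId'
        $clientSecret   = Get-AutomationVariable -Name 'ClientSecret'
        $certThumbprint = Get-AutomationVariable -Name 'CERT_THUMBPRINT'

        Connect-MgGraph -ClientId $clientId -TenantId $tenantId -CertificateThumbprint $certThumbprint -NoWelcome

        # The token endpoint expects a form-encoded body; Invoke-RestMethod encodes a hashtable that way,
        # so the body must NOT be converted to JSON.
        $tokenRequest = @{
            Grant_Type    = "client_credentials"
            Client_Id     = $clientId
            Client_Secret = $clientSecret
            Scope         = "https://graph.microsoft.com/.default"
        }
        $oauth = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -Body $tokenRequest

        # Keep the hashtable form: Invoke-RestMethod -Headers needs a dictionary, not the bare token string.
        $global:accessToken = @{ 'Authorization' = "$($oauth.token_type) $($oauth.access_token)" }
    }
    catch {
        Write-Error $_
        Write-Output "Error in connecting to Microsoft Graph"
        throw
    }
}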
# Authenticate to SharePoint
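<#
.SYNOPSIS
    Connects PnP PowerShell to the target SharePoint Online site.
.DESCRIPTION
    Uses the 'SharePoint' Automation credential asset with Connect-PnPOnline -Credential, i.e.
    username/password authentication, which does not work for MFA-enforced accounts; an app-only
    certificate connection is the more robust option for an unattended runbook.
.NOTES
    A failure here is fatal: the underlying error is surfaced and rethrown so the report is not built
    without an upload target. The site URL is logged; the credential never is.
#>
function ConnectToSharePoint {
    try {
        $siteUrl       = "$Global:spSiteUrl/sites/$Global:spSiteName"
        $spCredentials = Get-AutomationPSCredential -Name "SharePoint"
        Connect-PnPOnline -Url $siteUrl -Credential $spCredentials
        Write-Output "inside connect to sharepoint: $siteUrl"
    }
    catch {
        # Include the real exception; the original message alone hid the cause.
        Write-Error "Unable to connect to SharePoint Online.. $($_.Exception.Message)"
        throw
    }
}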
# Export the collected rows to CSV and upload the file to SharePoint
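<#
.SYNOPSIS
    Exports $Global:Logs to CSV and uploads it to the configured SharePoint document library.
.DESCRIPTION
    The CSV is written into a freshly created, uniquely named temp directory so concurrent runbook
    jobs cannot clobber each other's file, uploaded under the name held in the TenantReport variable,
    and removed in `finally` even when the upload fails.
.NOTES
    Requires ConnectToSharePoint to have run first.
    NOTE(review): Get-PnPFolder -Url is documented as a site-relative URL; if the absolute URL used
    here is rejected, pass $Global:spLibraryName instead — confirm against the PnP version in use.
#>
function WritetoSharePoint {
    $csvFileName = Get-AutomationVariable -Name 'TenantReport'
    Write-Output $csvFileName

    if (-not $Global:Logs -or $Global:Logs.Count -eq 0) {
        Write-Warning 'No credential rows were collected; the uploaded report will be empty.'
    }

    # Unique temp directory: no predictable path, no collision between jobs, nothing left behind.
    $tempDir = Join-Path $env:TEMP ([System.IO.Path]::GetRandomFileName())
    New-Item -ItemType Directory -Path $tempDir | Out-Null
    $tempFilePath = Join-Path $tempDir $csvFileName
    try {
        # UTF8 so non-ASCII display names survive; Windows PowerShell's Export-Csv defaults to ASCII.
        $Global:Logs | Export-Csv -Path $tempFilePath -NoTypeInformation -Encoding UTF8

        $folderObject = Get-PnPFolder -Url "$Global:spSiteUrl/sites/$Global:spSiteName/$Global:spLibraryName"
        Add-PnPFile -Path $tempFilePath -Folder $folderObject
    }
    finally {
        # Runs on success and on failure, so the local copy of the report never lingers.
        Remove-Item -Path $tempDir -Recurse -Force -ErrorAction SilentlyContinue
    }
}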
# Runbook entry point: authenticate to Graph, then to SharePoint, then build and upload the report.
# Steps run strictly in this order; each one depends on the state the previous one establishes.
function main {
    $steps = @('ConnectToGraph', 'ConnectToSharePoint', 'GetApplicationDetailsusingGraph')
    foreach ($step in $steps) {
        & $step
    }
}
# Invoke the entry point once every function above has been defined.
main