rcabr/Get-StorageAccountKeyRotationTimes.ps1

## Get-StorageAccountKeyRotationTimes.ps1
# queries each Azure Storage account in the tenant,
# and returns a list of storage accounts and the most
# recent date/time that the storage account key was rotated.

# Connect to your Azure account
Connect-AzAccount

# Get Now
$now = Get-Date

# create an empty list
$storageAcctList = @()

# Get all subscriptions in the tenant
$subscriptions = Get-AzSubscription

# Loop through each subscription
foreach ($subscription in $subscriptions) {

    # set the current subscription as the context
    Set-AzContext -Subscription $subscription

    # Get all storage accounts in the current subscription
    $storageAccounts = Get-AzStorageAccount

    # Loop through each storage account
    foreach ($storageAccount in $storageAccounts) {

        # if allowSharedKeyAccess is false, then skip this storage account
        if ($storageAccount.AllowSharedKeyAccess -eq $false) {
            continue
        }

        # Get the storage account keys
        $keys = Get-AzStorageAccountKey -ResourceGroupName $storageAccount.ResourceGroupName -Name $storageAccount.StorageAccountName

        # Get the latest CreationTime in $keys
        $latestKey = $keys | Sort-Object -Property CreationTime -Descending | Select-Object -First 1

        # if key has a null CreationTime, then skip
        if ($null -eq $latestKey.CreationTime) {
            continue
        }

        # add the storage account name, key name, and last rotation time to the list
        $storageAcctList += [pscustomobject]@{
            SubscriptionName   = $subscription.Name
            StorageAccountName = $storageAccount.StorageAccountName
            KeyName            = $latestKey.KeyName
            CreationTime       = $latestKey.CreationTime
            AgeDays            = $($now - $latestKey.CreationTime).Days
        }
    }
}

# Output the list of storage accounts and key rotation times
$storageAcctList | Format-Table -AutoSize

# Write out list of storage accounts to a CSV file
$storageAcctList | Export-Csv -Path "C:\Temp\storageAcctKeyList.csv" -NoTypeInformation
	# queries each Azure Storage account in the tenant,
	# and returns a list of storage accounts and the most
	# recent date/time that the storage account key was rotated.

	# Connect to your Azure account
	Connect-AzAccount

	# Get Now
	$now = Get-Date

	# create an empty list
	$storageAcctList = @()

	# Get all subscriptions in the tenant
	$subscriptions = Get-AzSubscription

	# Loop through each subscription
	foreach ($subscription in $subscriptions) {

	# set the current subscription as the context
	Set-AzContext -Subscription $subscription

	# Get all storage accounts in the current subscription
	$storageAccounts = Get-AzStorageAccount

	# Loop through each storage account
	foreach ($storageAccount in $storageAccounts) {

	# if allowSharedKeyAccess is false, then skip this storage account
	if ($storageAccount.AllowSharedKeyAccess -eq $false) {
	continue
	}

	# Get the storage account keys
	$keys = Get-AzStorageAccountKey -ResourceGroupName $storageAccount.ResourceGroupName -Name $storageAccount.StorageAccountName

	# Get the latest CreationTime in $keys
	$latestKey = $keys \| Sort-Object -Property CreationTime -Descending \| Select-Object -First 1

	# if key has a null CreationTime, then skip
	if ($null -eq $latestKey.CreationTime) {
	continue
	}

	# add the storage account name, key name, and last rotation time to the list
	$storageAcctList += [pscustomobject]@{
	SubscriptionName = $subscription.Name
	StorageAccountName = $storageAccount.StorageAccountName
	KeyName = $latestKey.KeyName
	CreationTime = $latestKey.CreationTime
	AgeDays = $($now - $latestKey.CreationTime).Days
	}
	}
	}

	# Output the list of storage accounts and key rotation times
	$storageAcctList \| Format-Table -AutoSize

	# Write out list of storage accounts to a CSV file
	$storageAcctList \| Export-Csv -Path "C:\Temp\storageAcctKeyList.csv" -NoTypeInformation