-
-
Save svarukala/64ade1ca6f73a9d18236582e8770d1d4 to your computer and use it in GitHub Desktop.
# Requires Azure AD PowerShell Module | |
#Prompts user to login using Azure Credentials | |
Connect-AzureAD | |
$results = @() | |
Get-AzureADApplication -All $true | %{ | |
$app = $_ | |
$owner = Get-AzureADApplicationOwner -ObjectId $_.ObjectID -Top 1 | |
$app.PasswordCredentials | | |
%{ | |
$results += [PSCustomObject] @{ | |
CredentialType = "PasswordCredentials" | |
DisplayName = $app.DisplayName; | |
ExpiryDate = $_.EndDate; | |
StartDate = $_.StartDate; | |
KeyID = $_.KeyId; | |
Type = 'NA'; | |
Usage = 'NA'; | |
Owners = $owner.UserPrincipalName; | |
} | |
} | |
$app.KeyCredentials | | |
%{ | |
$results += [PSCustomObject] @{ | |
CredentialType = "KeyCredentials" | |
DisplayName = $app.DisplayName; | |
ExpiryDate = $_.EndDate; | |
StartDate = $_.StartDate; | |
KeyID = $_.KeyId; | |
Type = $_.Type; | |
Usage = $_.Usage; | |
Owners = $owner.UserPrincipalName; | |
} | |
} | |
} | |
$results | FT -AutoSize | |
# Optionally export to a CSV file | |
#$results | Export-Csv -Path "AppsInventory.csv" -NoTypeInformation |
Since Azure AD PowerShell is being deprecated in favor of Microsoft Graph PowerShell SDK, I created a new MS Graph script that is equivalent to this script. You can find it here:
https://pnp.github.io/script-samples/aad-apps-expired-keys/README.html?tabs=graphps
//az ad sp list --all
az ad sp list --all --query "[?passwordCredentials[0].endDate<='$(date -d "+60 days" +%Y-%m-%d)'||keyCredentials[0].endDate<='$(date -d "+300 days" +%Y-%m-%d)'].{SP_AppId:appId,PwdExpiryDate:passwordCredentials[0].endDate, Key_Expiry_Date:keyCredentials[0].endDate,Display_Name:displayName,Account_Type: objectType}" -o table
Another option that leverages the newer Az.Resources
module is available here:
https://gist.github.com/GuyPaddock/c3e0fbb1e3724822c77e35a83160af52
In your script I am seeing ($).keycredentials.enddate instead of $_.keycredentials.enddate. The underscore is missing. Could that be the issue?
@Divyesh85. How abt using the script I provided above as is? Is it working in that case?