@svarukala
Last active May 10, 2023 19:38
Outputs list of all Azure AD Apps along with their expiration date, display name, owner email, credentials (passwordcredentials or keycredentials), start date, key id and usage. Useful to know the apps that are expiring and take action (renew). Since Azure AD PowerShell is being deprecated in favor of Microsoft Graph PowerShell SDK, I created a …
# Requires the Azure AD PowerShell module
# Prompts the user to log in with Azure credentials
Connect-AzureAD
$results = @()
Get-AzureADApplication -All $true | ForEach-Object {
    $app = $_
    # Only the first owner is fetched (-Top 1); Owners is empty for apps without an owner
    $owner = Get-AzureADApplicationOwner -ObjectId $_.ObjectID -Top 1
    # One row per client secret (password credential)
    $app.PasswordCredentials | ForEach-Object {
        $results += [PSCustomObject] @{
            CredentialType = "PasswordCredentials"
            DisplayName    = $app.DisplayName
            ExpiryDate     = $_.EndDate
            StartDate      = $_.StartDate
            KeyID          = $_.KeyId
            Type           = 'NA'
            Usage          = 'NA'
            Owners         = $owner.UserPrincipalName
        }
    }
    # One row per certificate (key credential)
    $app.KeyCredentials | ForEach-Object {
        $results += [PSCustomObject] @{
            CredentialType = "KeyCredentials"
            DisplayName    = $app.DisplayName
            ExpiryDate     = $_.EndDate
            StartDate      = $_.StartDate
            KeyID          = $_.KeyId
            Type           = $_.Type
            Usage          = $_.Usage
            Owners         = $owner.UserPrincipalName
        }
    }
}
$results | Format-Table -AutoSize
# Optionally export to a CSV file
#$results | Export-Csv -Path "AppsInventory.csv" -NoTypeInformation
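
To act on the inventory, the rows can be classified by days remaining so that expired and soon-to-expire credentials (including those on apps with no owner) surface first. This is an added example, not part of the original gist; the function name `Get-CredentialExpiryStatus`, the 30-day window, the UTC assumption and the sample rows are assumptions made for illustration.

```powershell
# Added example: classifies rows shaped like the $results objects built by the gist script.
function Get-CredentialExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Credential,
        [int] $WarnDays = 30,                            # assumed renewal window
        [datetime] $Now = (Get-Date).ToUniversalTime()   # assumes ExpiryDate values are UTC
    )
    process {
        if ($null -eq $Credential.ExpiryDate) {
            # No end date on the row: report it rather than guess
            $daysLeft = $null
            $status = 'NoExpiryDate'
        } else {
            $daysLeft = [int][math]::Floor(([datetime]$Credential.ExpiryDate - $Now).TotalDays)
            if ($daysLeft -lt 0) {
                $status = 'Expired'
            } elseif ($daysLeft -le $WarnDays) {
                $status = 'ExpiringSoon'
            } else {
                $status = 'Valid'
            }
        }
        [PSCustomObject]@{
            Status         = $status
            DaysLeft       = $daysLeft
            DisplayName    = $Credential.DisplayName
            CredentialType = $Credential.CredentialType
            KeyID          = $Credential.KeyID
            ExpiryDate     = $Credential.ExpiryDate
            Owners         = $Credential.Owners
        }
    }
}

# Constructed sample rows (not real tenant data) so the example runs offline
$now = (Get-Date).ToUniversalTime()
$sample = @(
    [PSCustomObject]@{ DisplayName = 'sample-app-a'; CredentialType = 'PasswordCredentials'; KeyID = 'sample-1'; ExpiryDate = $now.AddDays(-3);  Owners = 'owner1@example.com' }
    [PSCustomObject]@{ DisplayName = 'sample-app-b'; CredentialType = 'KeyCredentials';      KeyID = 'sample-2'; ExpiryDate = $now.AddDays(10);  Owners = $null }
    [PSCustomObject]@{ DisplayName = 'sample-app-c'; CredentialType = 'PasswordCredentials'; KeyID = 'sample-3'; ExpiryDate = $now.AddDays(400); Owners = 'owner2@example.com' }
)

# Show only credentials that need action, most urgent first
$sample | Get-CredentialExpiryStatus -WarnDays 30 -Now $now |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object DaysLeft |
    Format-Table -AutoSize
```

Against a live tenant, pipe the script's `$results` into the function in place of `$sample`.
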

svarukala commented Oct 27, 2021

In your script I am seeing ($).keycredentials.enddate instead of $_.keycredentials.enddate. The underscore is missing. Could that be the issue?
@Divyesh85. How about using the script I provided above as is? Is it working in that case?

@svarukala

Since Azure AD PowerShell is being deprecated in favor of Microsoft Graph PowerShell SDK, I created a new MS Graph script that is equivalent to this script. You can find it here:
https://pnp.github.io/script-samples/aad-apps-expired-keys/README.html?tabs=graphps

@JQUINONES82

# az ad sp list --all

az ad sp list --all --query "[?passwordCredentials[0].endDate<='$(date -d "+60 days" +%Y-%m-%d)'||keyCredentials[0].endDate<='$(date -d "+300 days" +%Y-%m-%d)'].{SP_AppId:appId,PwdExpiryDate:passwordCredentials[0].endDate, Key_Expiry_Date:keyCredentials[0].endDate,Display_Name:displayName,Account_Type: objectType}" -o table


GuyPaddock commented May 10, 2023

Another option that leverages the newer Az.Resources module is available here:
https://gist.github.com/GuyPaddock/c3e0fbb1e3724822c77e35a83160af52
