This script uses the Microsoft Graph PowerShell SDK to inventory all the Azure AD applications registered in your tenant. For each application it enumerates the KeyCredentials (certificates) and PasswordCredentials (client secrets), and reports their start and expiration dates, the application owners, and other useful information.

```powershell
# Note: the ternary operator (? :) used for the Expired column requires PowerShell 7 or later.
# The script only reads directory data, so only the read scopes are requested.
Connect-MgGraph -Scopes "User.Read.All", "Application.Read.All", "Directory.Read.All"

$Apps = Get-MgApplication -All
$today = Get-Date
$credentials = @()

$Apps | %{
    $aadAppObjId = $_.Id
    $app = Get-MgApplication -ApplicationId $aadAppObjId
    $owner = Get-MgApplicationOwner -ApplicationId $aadAppObjId

    # Certificates registered on the application
    $app.KeyCredentials | %{
        #write-host $_.KeyId $_.DisplayName
        $credentials += [PSCustomObject] @{
            CredentialType = "KeyCredentials";
            DisplayName = $app.DisplayName;
            AppId = $app.AppId;
            ExpiryDate = $_.EndDateTime;
            StartDate = $_.StartDateTime;
            #KeyID = $_.KeyId;
            Type = $_.Type;
            Usage = $_.Usage;
            # Join multiple owners into one string so the CSV export stays readable
            Owners = ($owner.AdditionalProperties.userPrincipalName -join ", ");
            Expired = (([DateTime]$_.EndDateTime) -lt $today) ? "Yes" : "No";
        }
    }

    # Client secrets registered on the application
    $app.PasswordCredentials | %{
        #write-host $_.KeyId $_.DisplayName
        $credentials += [PSCustomObject] @{
            CredentialType = "PasswordCredentials";
            DisplayName = $app.DisplayName;
            AppId = $app.AppId;
            ExpiryDate = $_.EndDateTime;
            StartDate = $_.StartDateTime;
            #KeyID = $_.KeyId;
            Type = 'NA';
            Usage = 'NA';
            Owners = ($owner.AdditionalProperties.userPrincipalName -join ", ");
            Expired = (([DateTime]$_.EndDateTime) -lt $today) ? "Yes" : "No";
        }
    }
}

$credentials | FT -AutoSize

# Optionally export to a CSV file
#$credentials | Export-Csv -Path "AppsInventory.csv" -NoTypeInformation
```
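
An added example, not part of the original gist: a triage helper that classifies inventory rows as Expired, ExpiringSoon or Valid, written with if/else so it parses on Windows PowerShell 5.1 as well as PowerShell 7. The function name `Get-CredentialStatus`, the 30-day default window and the sample rows are assumptions constructed for illustration; the rows mirror the columns the script above produces.

```powershell
# Added example (not from the gist). Get-CredentialStatus is a hypothetical helper.
function Get-CredentialStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Credential,
        [int] $WarnDays = 30,
        [datetime] $Now = [datetime]::UtcNow
    )
    process {
        # if/else instead of the ternary operator, which needs PowerShell 7
        if ($null -eq $Credential.ExpiryDate) {
            $status = 'NoExpiry'; $daysLeft = $null
        }
        else {
            # Graph timestamps are UTC, so compare in UTC rather than local time
            $expiry   = ([datetime]$Credential.ExpiryDate).ToUniversalTime()
            $daysLeft = [math]::Floor(($expiry - $Now).TotalDays)
            if     ($expiry -lt $Now)        { $status = 'Expired' }
            elseif ($daysLeft -lt $WarnDays) { $status = 'ExpiringSoon' }
            else                             { $status = 'Valid' }
        }
        [pscustomobject]@{
            DisplayName    = $Credential.DisplayName
            CredentialType = $Credential.CredentialType
            Owners         = @($Credential.Owners) -join ', '   # empty string = no owner
            DaysLeft       = $daysLeft
            Status         = $status
        }
    }
}

# Constructed sample rows shaped like the inventory output (no tenant access needed)
$now = [datetime]::UtcNow
$sample = @(
    [pscustomobject]@{ DisplayName = 'app-a'; CredentialType = 'PasswordCredentials'; ExpiryDate = $now.AddDays(-3);  Owners = @('alice@contoso.example') }
    [pscustomobject]@{ DisplayName = 'app-b'; CredentialType = 'KeyCredentials';      ExpiryDate = $now.AddDays(12);  Owners = @('bob@contoso.example', 'carol@contoso.example') }
    [pscustomobject]@{ DisplayName = 'app-c'; CredentialType = 'PasswordCredentials'; ExpiryDate = $now.AddDays(400); Owners = $null }
)

# Show only the credentials that need attention, most urgent first
$sample | Get-CredentialStatus -Now $now |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object DaysLeft |
    Format-Table -AutoSize
```

Against a real tenant, pipe `$credentials` from the script into the function instead of `$sample`.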
nl2rma commented Feb 25, 2022

Works only in PowerShell 7, right?

jidhiar commented May 26, 2022

```
getmgapplication.ps1:40 char:63
+ ... Expired = (([DateTime]$_.EndDateTime) -lt $today) ? "Yes" : ...
+                                                             ~
Unexpected token '?' in expression or statement.
getmgapplication.ps1:40 char:62
+         Expired = (([DateTime]$_.EndDateTime) -lt $today) ? "Yes" ...
+                                                          ~
The hash literal was incomplete.
```
