@wsmelton
Created August 31, 2022 16:53
Use Az.Resources commands to pull App Registrations' Client Secret expiration status from Azure AD - Requires PowerShell 7+
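#Requires -Modules Az.Resources
#Requires -Version 7
<#
.SYNOPSIS
    Based on Get-AppRegistrationExpiration by Cj-Scott
    https://github.com/Cj-Scott/Get-AppRegistrationExpiration
#>

# Keep only app registrations that carry at least one credential:
# client secrets (PasswordCredentials) or certificates (KeyCredentials).
$applications = Get-AzADApplication | Where-Object {
    $_.PasswordCredentials.Count -gt 0 -or $_.KeyCredentials.Count -gt 0
}

# One UTC reference time so every credential is measured against the same instant.
$today = (Get-Date).ToUniversalTime()

# Fetch each application's credentials in parallel (ForEach-Object -Parallel needs PowerShell 7+).
# Results arrive in completion order, not in the sorted input order.
$appWithCredentials = @(
    $applications | Sort-Object -Property DisplayName | ForEach-Object -ThrottleLimit 12 -Parallel {
        $application = $_
        Write-Host ('Fetching: {0}' -f $application.DisplayName)
        $cred = $application | Get-AzADAppCredential -ErrorAction SilentlyContinue
        foreach ($c in $cred) {
            $remaining = New-TimeSpan -Start $using:today -End $c.EndDateTime
            $daysToExpire = $remaining.Days
            # Test the full time span: .Days is truncated, so a credential with
            # less than one day left reports 0 days but has not expired yet.
            if ($remaining -le [timespan]::Zero) {
                $status = 'Expired'
            } else {
                $status = 'Valid'
            }
            [pscustomobject]@{
                ObjectId            = $application.Id
                ApplicationId       = $application.AppId
                AppRegistrationName = $application.DisplayName
                KeyId               = $c.KeyId
                Type                = $c.Type
                StartDate           = $c.StartDateTime -as [datetime]
                EndDate             = $c.EndDateTime -as [datetime]
                Status              = $status
                DaysToExpire        = $daysToExpire
                Today               = $using:today
            }
        }
    }
)

# Emit one row per credential.
$appWithCredentials
Write-Host 'Done.'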
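
A report like this is most useful when it also flags credentials that are about to lapse, so they can be rotated before the application stops authenticating. The following is an added example, not part of the gist or of Az.Resources: the function name `Get-CredentialExpiryStatus`, the `ExpiringSoon` status, the 30-day default and the sample rows are all assumptions, and the input only needs to be shaped like the rows the script above emits.

```powershell
# Added example (hypothetical helper, not from the gist): classify credential rows
# as Expired / ExpiringSoon / Valid against an injectable reference time.
function Get-CredentialExpiryStatus {
    [CmdletBinding()]
    param(
        # Row shaped like the script's output; must expose an EndDate property.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Credential,

        # Credentials ending within this many days are flagged for rotation.
        [int]$WarningDays = 30,

        # Reference time; pass a fixed value to make a run reproducible.
        [datetime]$Now = (Get-Date).ToUniversalTime()
    )
    process {
        $remaining = ([datetime]$Credential.EndDate) - $Now
        # Compare the whole time span so a credential with hours left is not
        # reported as expired just because its whole-day count is 0.
        $status = if ($remaining -le [timespan]::Zero) {
            'Expired'
        } elseif ($remaining.TotalDays -le $WarningDays) {
            'ExpiringSoon'
        } else {
            'Valid'
        }
        [pscustomobject]@{
            AppRegistrationName = $Credential.AppRegistrationName
            KeyId               = $Credential.KeyId
            EndDate             = $Credential.EndDate
            DaysToExpire        = [math]::Floor($remaining.TotalDays)
            Status              = $status
        }
    }
}

# Constructed sample rows (not real tenant data).
$now = [datetime]'2022-08-31T16:53:00'
$sample = @(
    [pscustomobject]@{ AppRegistrationName = 'app-a'; KeyId = 'k1'; EndDate = $now.AddDays(-3) }
    [pscustomobject]@{ AppRegistrationName = 'app-b'; KeyId = 'k2'; EndDate = $now.AddHours(12) }
    [pscustomobject]@{ AppRegistrationName = 'app-c'; KeyId = 'k3'; EndDate = $now.AddDays(200) }
)

# Show only the rows that need attention, most overdue first.
$sample | Get-CredentialExpiryStatus -Now $now |
    Where-Object Status -ne 'Valid' |
    Sort-Object DaysToExpire
```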