Recently, I came across an interesting post on monitoring Azure AD App registration expiration – link here. I made a simplified version which only generates a report on the expiration date of each credential.
TL;DR
Running the script below will list each credential for Azure AD app registrations sorted by expiration date. To run the script, ensure you have the AzureRM PowerShell module installed and appropriate permissions to read the information.
Connect-AzureRmAccount

# One row per credential (password or certificate) on every app registration.
$RM_Apps = Get-AzureRmADApplication
$RM_Apps_Cred = foreach ($app in $RM_Apps) {
    $tmp_cred = Get-AzureRmADAppCredential -ObjectId $app.ObjectId
    $tmp_cred | ForEach-Object {
        [pscustomobject]@{
            App       = $app.DisplayName
            ObjId     = $app.ObjectId
            CredType  = $_.Type
            StartDate = $_.StartDate
            EndDate   = $_.EndDate
        }
    }
    # Reset after the pipeline has finished, not inside the per-credential block.
    Clear-Variable tmp_cred
}

# Soonest expiry first.
$RM_Apps_Cred | Sort-Object EndDate | Format-Table
To list only the latest credential for each application by type, the following will do:
# List only the latest credential of each type per application.
$RM_Apps_Unique = $RM_Apps_Cred | Select-Object App, CredType -Unique
$RM_Apps_Cred_latest = foreach ($obj in $RM_Apps_Unique) {
    $RM_Apps_Cred.Where({ ($_.CredType -eq $obj.CredType) -and ($_.App -eq $obj.App) }) |
        Sort-Object EndDate | Select-Object -Last 1
}
$RM_Apps_Cred_latest | Sort-Object App | Format-Table
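As an added example that is not part of the original post, the following builds on the same report rows (App, ObjId, CredType, StartDate, EndDate) to turn the listing into a monitoring check: it keeps only the newest credential per application and type (the same result as the loop above, done with Group-Object), then adds DaysRemaining and a Status of Expired, ExpiringSoon or OK. The function names, the 30-day warning default and the sample rows are assumptions made for this example; the reference time is a parameter so the classification can be checked without a tenant. It keeps the AzureRM cmdlets the post uses; if you have since moved to the Az module, the cmdlet names become Get-AzADApplication and Get-AzADAppCredential and the credential property names differ, so check them before reusing the collection step.

```powershell
# Added example, not code from the original post. Same row shape as the report
# above; function names, the 30-day default and the sample rows are assumptions.

function Get-RmAppCredential {
    # Collection step: one row per credential on every app registration.
    # Requires the AzureRM module and a prior Connect-AzureRmAccount.
    foreach ($app in Get-AzureRmADApplication) {
        Get-AzureRmADAppCredential -ObjectId $app.ObjectId | ForEach-Object {
            [pscustomobject]@{
                App       = $app.DisplayName
                ObjId     = $app.ObjectId
                CredType  = $_.Type
                StartDate = $_.StartDate
                EndDate   = $_.EndDate
            }
        }
    }
}

function Select-LatestCredential {
    # Same result as the "latest credential per app and type" loop above,
    # using Group-Object instead of a nested filter over the whole list.
    param([Parameter(Mandatory, ValueFromPipeline)] $Credential)
    begin   { $rows = [System.Collections.Generic.List[object]]::new() }
    process { $rows.Add($Credential) }
    end {
        $rows | Group-Object App, CredType | ForEach-Object {
            $_.Group | Sort-Object EndDate | Select-Object -Last 1
        }
    }
}

function Add-ExpiryStatus {
    # Classification step: adds DaysRemaining and Status to each row. The
    # reference time is injectable so the logic can be verified offline.
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Credential,
        [int]      $WarnDays = 30,          # assumption: 30-day warning window
        [datetime] $Now      = (Get-Date)
    )
    process {
        $days   = [int][math]::Floor(($Credential.EndDate - $Now).TotalDays)
        $status = if ($days -lt 0)             { 'Expired' }
                  elseif ($days -le $WarnDays) { 'ExpiringSoon' }
                  else                         { 'OK' }
        $Credential |
            Add-Member -NotePropertyName DaysRemaining -NotePropertyValue $days   -PassThru |
            Add-Member -NotePropertyName Status        -NotePropertyValue $status -PassThru
    }
}

# Offline check with constructed sample rows (not data from a real tenant).
$now    = Get-Date '2020-01-01'
$sample = @(
    [pscustomobject]@{ App = 'web-api';   CredType = 'Password';           EndDate = $now.AddDays(-3)  }  # expired
    [pscustomobject]@{ App = 'web-api';   CredType = 'Password';           EndDate = $now.AddDays(200) }  # its rotated replacement
    [pscustomobject]@{ App = 'web-api';   CredType = 'AsymmetricX509Cert'; EndDate = $now.AddDays(10)  }  # inside the warning window
    [pscustomobject]@{ App = 'batch-job'; CredType = 'Password';           EndDate = $now.AddDays(400) }  # fine
)

# Newest credential per app/type, then flag anything expired or expiring soon.
# Expected: the 200-day password hides the expired one; the cert is ExpiringSoon.
$sample | Select-LatestCredential | Add-ExpiryStatus -WarnDays 30 -Now $now |
    Sort-Object DaysRemaining |
    Format-Table App, CredType, EndDate, DaysRemaining, Status

# Live run against the tenant (Connect-AzureRmAccount first):
# Get-RmAppCredential | Select-LatestCredential | Add-ExpiryStatus -WarnDays 30 |
#     Where-Object Status -ne 'OK' | Sort-Object DaysRemaining | Format-Table
```

Splitting collection from classification is what makes this usable as a scheduled check: the live pipeline at the bottom can be run from a job with a filter on Status, while the classification can be tested on constructed rows like the sample above without any tenant access.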