This script lists the Azure Active Directory App Registrations that have one or more secrets or certificates expiring within 90 days, within 30 days, or already expired.
It is of course possible to adapt the script to run non-interactively in an Azure runbook or on a server by adapting the authentication part.
```powershell
Connect-AzureAD

# Get-AzureADApplication -All already returns PasswordCredentials and
# KeyCredentials, so no per-application refetch is needed
$AADAppsColl = Get-AzureADApplication -All:$true

foreach ($AADApp in $AADAppsColl) {

    # Client secrets
    $PassCreds = $AADApp.PasswordCredentials
    if ($null -ne $PassCreds) {
        foreach ($PassCred in $PassCreds) {
            # Expires in more than 30 and at most 90 days
            if ($PassCred.EndDate -gt (Get-Date).AddDays(30) -and $PassCred.EndDate -le (Get-Date).AddDays(90)) {
                Write-Host "AzureAD Application Name: $($AADApp.DisplayName)"
                Write-Host "KeyID: $($PassCred.KeyID)"
                Write-Host "Expires: $($PassCred.EndDate)" -ForegroundColor Green
                Write-Host ""
            }
            # Expires within 30 days ("Orange" is not a valid ConsoleColor and makes
            # Write-Host fail, so Yellow is used instead)
            if ($PassCred.EndDate -gt (Get-Date) -and $PassCred.EndDate -le (Get-Date).AddDays(30)) {
                Write-Host "AzureAD Application Name: $($AADApp.DisplayName)"
                Write-Host "KeyID: $($PassCred.KeyID)"
                Write-Host "Expires: $($PassCred.EndDate)" -ForegroundColor Yellow
                Write-Host ""
            }
            # Already expired
            if ($PassCred.EndDate -le (Get-Date)) {
                Write-Host "AzureAD Application Name: $($AADApp.DisplayName)"
                Write-Host "KeyID: $($PassCred.KeyID)"
                Write-Host "Expired: $($PassCred.EndDate)" -ForegroundColor Red
                Write-Host ""
            }
        }
    }

    # Certificates
    $KeyCreds = $AADApp.KeyCredentials
    if ($null -ne $KeyCreds) {
        foreach ($KeyCred in $KeyCreds) {
            # Expires in more than 30 and at most 90 days
            if ($KeyCred.EndDate -gt (Get-Date).AddDays(30) -and $KeyCred.EndDate -le (Get-Date).AddDays(90)) {
                Write-Host "AzureAD Application Name: $($AADApp.DisplayName)"
                Write-Host "Certificate ID: $($KeyCred.KeyID)"
                Write-Host "Expires: $($KeyCred.EndDate)" -ForegroundColor Green
                Write-Host ""
            }
            # Expires within 30 days
            if ($KeyCred.EndDate -gt (Get-Date) -and $KeyCred.EndDate -le (Get-Date).AddDays(30)) {
                Write-Host "AzureAD Application Name: $($AADApp.DisplayName)"
                Write-Host "Certificate ID: $($KeyCred.KeyID)"
                Write-Host "Expires: $($KeyCred.EndDate)" -ForegroundColor Yellow
                Write-Host ""
            }
            # Already expired
            if ($KeyCred.EndDate -le (Get-Date)) {
                Write-Host "AzureAD Application Name: $($AADApp.DisplayName)"
                Write-Host "Certificate ID: $($KeyCred.KeyID)"
                Write-Host "Expired: $($KeyCred.EndDate)" -ForegroundColor Red
                Write-Host ""
            }
        }
    }
}
```
A commented version of the script is available for download.
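As an added example (not the post's own script), the same 30/90-day classification can emit objects instead of coloured text, so the report can be sorted by expiry date, filtered, or exported to CSV from a runbook. It assumes the AzureAD module objects the post uses (PasswordCredentials and KeyCredentials with KeyId and EndDate); the sample applications below are constructed so the function can be tried offline.

```powershell
# Added example: classify each secret/certificate into Expired / Critical / Warning / OK
# and return one object per credential (same thresholds as the post: 30 and 90 days).
function Get-AppCredentialExpiry {
    param(
        [Parameter(Mandatory)] [object[]] $Applications,
        [int] $WarnDays = 90,
        [int] $CriticalDays = 30,
        [datetime] $Now = (Get-Date)
    )
    foreach ($app in $Applications) {
        # Merge both credential kinds, tagging each with its type
        $creds = @()
        foreach ($c in @($app.PasswordCredentials)) { if ($c) { $creds += @{ Type = 'Secret'; Cred = $c } } }
        foreach ($c in @($app.KeyCredentials))      { if ($c) { $creds += @{ Type = 'Certificate'; Cred = $c } } }
        foreach ($entry in $creds) {
            if (-not $entry.Cred.EndDate) { continue }   # no end date recorded, nothing to assess
            $end = [datetime]$entry.Cred.EndDate
            $status = if ($end -le $Now) { 'Expired' }
                      elseif ($end -le $Now.AddDays($CriticalDays)) { 'Critical' }
                      elseif ($end -le $Now.AddDays($WarnDays)) { 'Warning' }
                      else { 'OK' }
            [pscustomobject]@{
                Application = $app.DisplayName
                AppId       = $app.AppId
                Type        = $entry.Type
                KeyId       = $entry.Cred.KeyId
                EndDate     = $end
                DaysLeft    = [int][math]::Ceiling(($end - $Now).TotalDays)
                Status      = $status
            }
        }
    }
}

# Constructed sample data standing in for Get-AzureADApplication -All:$true
$now = Get-Date
$sample = @(
    [pscustomobject]@{ DisplayName = 'app-a'; AppId = '00000000-0000-0000-0000-000000000001'
        PasswordCredentials = @([pscustomobject]@{ KeyId = 'secret-1'; EndDate = $now.AddDays(10) })
        KeyCredentials      = @([pscustomobject]@{ KeyId = 'cert-1';   EndDate = $now.AddDays(-5) }) }
    [pscustomobject]@{ DisplayName = 'app-b'; AppId = '00000000-0000-0000-0000-000000000002'
        PasswordCredentials = @([pscustomobject]@{ KeyId = 'secret-2'; EndDate = $now.AddDays(60) })
        KeyCredentials      = @() }
)
# Against a real tenant, after Connect-AzureAD: $sample = Get-AzureADApplication -All:$true
Get-AppCredentialExpiry -Applications $sample -Now $now |
    Where-Object Status -ne 'OK' |
    Sort-Object EndDate |
    Format-Table Application, Type, KeyId, EndDate, DaysLeft, Status -AutoSize
```

Replacing the final `Format-Table` with `Export-Csv` gives a file a runbook can attach to an alert; the sample run lists cert-1 (Expired), secret-1 (Critical) and secret-2 (Warning) in that order.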
Hello, great script, thanks!!
Is it possible to sort the expiry results by date?