Azure AD Registered Applications are the Azure AD equivalent of Active Directory service accounts. Over time their number grows and grows, each one holding permissions to consume information from Azure AD and/or Microsoft Graph. As an Azure AD administrator there is maintenance associated with these Registered Applications, namely credential validity and, more importantly, application validity.
Credential expiration associated with Azure AD Registered Applications is quickly visible via the Azure Portal. We can quickly see Current, Expired and Expiring Soon credentials as shown in the screenshot below.
But what about activity associated with the registered apps? For that we need to drill down into each individual application to see sign-in activity.
However, what if we have hundreds or thousands of Azure AD Registered Applications? How can we programmatically inspect each registered application to see whether its credentials have expired or are about to, and whether the application is actively being used? That is what this post covers.
It is rather ironic that in order to query Microsoft Graph to audit Azure AD Registered Applications and their sign-in activity, we will need a Registered Application with the necessary permissions. Register a new app with the following permissions if you don't have one, or use/update an existing app that has them:
The script below uses the MSAL.PS PowerShell Module. You will need this installed on the host running the script.
Here is an example script that authenticates to Microsoft Graph using the application you registered with the permissions listed above.
Update:
After running the script you will have two collections.
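Since the post's own script is not reproduced on this page, here is an added example of my own (not the author's) that builds the two collections described above: one of expired or expiring credentials and one of per-application sign-in activity. It assumes MSAL.PS is installed, that the placeholder tenant and client values are replaced with your own, that a 30-day window is used for both checks, and that the beta sign-ins filter shape in the comments is accepted by your tenant.

```powershell
# Added example, not the post's own script. Assumes MSAL.PS is installed and the placeholder
# tenant id, client id and secret below are replaced with your own values.
Import-Module MSAL.PS
$TenantId   = '<tenant-id>'            # placeholder
$ClientId   = '<audit-app-client-id>'  # placeholder: the app registered for this audit
$Secret     = Read-Host -AsSecureString -Prompt 'Client secret'
$WindowDays = 30   # assumption: "expiring soon" and "recently used" both mean 30 days
$token   = Get-MsalToken -TenantId $TenantId -ClientId $ClientId -ClientSecret $Secret `
                         -Scopes 'https://graph.microsoft.com/.default'
$headers = @{ Authorization = "Bearer $($token.AccessToken)" }
# Follow @odata.nextLink so a tenant with thousands of apps is enumerated completely
function Get-GraphCollection([string]$Uri) {
    $items = @()
    while ($Uri) {
        $page   = Invoke-RestMethod -Uri $Uri -Headers $headers -Method Get
        $items += $page.value
        $Uri    = $page.'@odata.nextLink'
    }
    $items
}
$apps = Get-GraphCollection ('https://graph.microsoft.com/v1.0/applications' +
        '?$select=id,appId,displayName,passwordCredentials,keyCredentials&$top=999')

# Collection 1: every secret or certificate already expired or expiring inside the window
$now = Get-Date
$CredentialReport = foreach ($app in $apps) {
    foreach ($kind in 'passwordCredentials', 'keyCredentials') {
        foreach ($cred in @($app.$kind | Where-Object endDateTime)) {
            $daysLeft = [int]([datetime]$cred.endDateTime - $now).TotalDays
            if ($daysLeft -le $WindowDays) {
                [pscustomobject]@{ App = $app.displayName; AppId = $app.appId; Kind = $kind
                    KeyId = $cred.keyId; DaysLeft = $daysLeft
                    State = $(if ($daysLeft -lt 0) { 'Expired' } else { 'ExpiringSoon' }) }
            }
        }
    }
}
# Collection 2: service principal sign-ins in the window (beta endpoint; filter shape is an assumption)
$since   = $now.AddDays(-$WindowDays).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
$signIns = Get-GraphCollection ('https://graph.microsoft.com/beta/auditLogs/signIns' +
           "?`$filter=signInEventTypes/any(t: t eq 'servicePrincipal') and createdDateTime ge $since")
$byApp = @{}; $signIns | Group-Object appId | ForEach-Object { $byApp[$_.Name] = $_.Group }
$ActivityReport = foreach ($app in $apps) {
    $hits = @(if ($byApp.ContainsKey($app.appId)) { $byApp[$app.appId] })
    [pscustomobject]@{ App = $app.displayName; AppId = $app.appId; SignIns = $hits.Count
        LastSignIn = ($hits | Sort-Object createdDateTime -Descending | Select-Object -First 1).createdDateTime }
}
$CredentialReport | Sort-Object DaysLeft | Format-Table -AutoSize   # expired / expiring credentials
$ActivityReport | Where-Object SignIns -eq 0 | Format-Table -AutoSize   # apps with no sign-ins in the window
```

Apps that appear in both outputs (expiring credential, no recent sign-ins) are the first candidates for removal rather than credential renewal.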
Using PowerShell and Microsoft Graph we can quickly enumerate and audit Azure AD Registered Applications. You can easily expand on this script, schedule its execution and add a notification.