Get-AADToolkitApplicationCredentials.ps1
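<#
.Synopsis
    Gets a report of all the applications and service principals in this tenant that have either a password or client secret
.Description
    This function returns a list of all applications and service principals that have a credential
    (password/client secret or certificate key). Each row carries credential metadata only - key id,
    hint, display name, validity window, type and usage; the secret/key value itself is not part of
    the row. The Hint column is copied as-is from Graph (a short prefix of the secret), so treat the
    generated report as sensitive.
.Example
    Get-AADToolkitApplicationCredentials | Export-Csv -Path '.\AppPermissions.csv' -NoTypeInformation
    Generates a CSV report of all applications and service principals with credentials.
#>
function Get-AADToolkitApplicationCredentials {
    # Flattens one credential of one directory object into a single report row.
    #   $objectType     - Graph collection name ('applications' or 'servicePrincipals')
    #   $item           - the application / service principal object as returned by Graph
    #   $cred           - one entry of $item.passwordCredentials or $item.keyCredentials
    #   $credentialType - label for the row ('PasswordCredential' or 'KeyCredential')
    # Returns a [pscustomobject]; property names are the report's column headers.
    function Get-CredentialInfo ($objectType, $item, $cred, $credentialType) {
        [pscustomobject]@{
            ObjectId        = $item.id
            AppDisplayName  = $item.displayName
            ObjectType      = $objectType
            AppId           = $item.appId
            Credentialtype  = $credentialType
            KeyId           = $cred.keyId
            Hint            = $cred.hint
            CredDisplayName = $cred.displayName
            StartDateTime   = $cred.startDateTime
            EndDateTime     = $cred.endDateTime
            KeyType         = $cred.type
            Usage           = $cred.usage
        }
    }

    # Walks every page of /$objectType and emits one row per credential.
    # Pagination follows '@odata.nextLink' until Graph stops returning one. Every
    # fetched page - including the last one, which has no nextLink - is processed
    # before the link is examined, so no credential is dropped from the inventory.
    # (The previous do/while fetched the next page and then tested its nextLink as
    # the loop condition, which silently skipped the final page of results.)
    function Get-CredentialReport ($objectType) {
        # First page goes through the toolkit wrapper with a relative URI; later pages
        # use the absolute nextLink Graph hands back, exactly as the original code did.
        # NOTE(review): Invoke-GraphRequest vs Invoke-AADTGraph for the nextLink looks
        # like an inconsistency - confirm the wrapper accepts absolute URIs before unifying.
        $page = Invoke-AADTGraph -Uri "/$objectType"
        while ($null -ne $page) {
            foreach ($item in $page.value) {
                foreach ($cred in $item.passwordCredentials) {
                    Get-CredentialInfo $objectType $item $cred "PasswordCredential"
                }
                foreach ($cred in $item.keyCredentials) {
                    Get-CredentialInfo $objectType $item $cred "KeyCredential"
                }
            }
            $nextLink = $page.'@odata.nextLink'
            if ($null -ne $nextLink) {
                $page = Invoke-GraphRequest -Uri $nextLink
            }
            else {
                # No further pages: end the walk after this page has been emitted.
                $page = $null
            }
        }
    }

    Get-CredentialReport "applications"
    Get-CredentialReport "servicePrincipals"
}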