SysAdminAD Guy

Reputation: 13

List of applications, creation date, permissions and 2FA settings for Azure with PowerShell 5+

I'm new to Azure and PowerShell. I have some very basic knowledge of both and some scripting experience, but not in PowerShell. Goal: get the list of applications from Azure and all available associated information, specifically creationDate. Output in CSV. Applications created in the last 60 days.

And https://learn.microsoft.com/en-us/powershell/module/azurerm.resources/get-azurermadapplication?view=azurermps-6.13.0 - I haven't got this to work at all, but it seems like what I want.

$ClientID     = "XCXXXXXXXXXXXXXXXX"
$ClientSecret = "XCXXXXXXXXXXXXXXXX"
$tenantdomain = "XCXXXXXXXXXXXXXXXX"
$loginURL     = "XCXXXXXXXXXXXXXXXX"
$resource     = "https://graph.microsoft.com"
$path         = "C:\Scripts\objects.csv"
$cutoff       = (Get-Date).AddDays(-60)   # only keep apps created in the last 60 days

# body for the rest request to get an access token (client credentials flow)
$body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}

# get an access token
$oauth = Invoke-RestMethod -Method Post -Uri "$loginURL/$tenantdomain/oauth2/token?api-version=1.0" -Body $body

# if we have an access token, then make the graph call
if ($null -ne $oauth.access_token)
{
    $headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}

    # the backtick escapes $select so PowerShell does not expand it as a variable
    $url = "https://graph.microsoft.com/beta/applications?`$select=createdDateTime,displayName"
    $results = @()

    # Graph returns results in pages; keep following @odata.nextLink until it is absent
    do {
        $response = Invoke-WebRequest -Uri $url -UseBasicParsing -Headers $headerParams -Method GET -ContentType "application/json"
        if ($response.Content)
        {
            $page = $response.Content | ConvertFrom-Json
            # apps with no createdDateTime cast to 01/01/0001 and are dropped by the filter
            $results += $page.value |
                Where-Object { [datetime]$_.createdDateTime -ge $cutoff } |
                Select-Object @{n='App Name';e={$_.displayName}}, @{n='CreatedOn';e={$_.createdDateTime}}
            $url = $page.'@odata.nextLink'
        }
        else
        {
            $url = $null
        }
    } while ($url)

    # CSV columns are "App Name" and "CreatedOn", taken from the Select-Object above
    $results | Export-Csv -Path $path -NoTypeInformation
}

Upvotes: 1

Views: 825

Answers (1)

Joy Wang

Reputation: 42063

The old AzureRM PowerShell cmdlet Get-AzureRmADApplication you mentioned essentially calls the Azure AD Graph API; in the Azure AD Graph API, the application entity does not have the createdDateTime property you want. Besides, the new Az PowerShell Get-AzADApplication and Azure AD PowerShell Get-AzureADApplication also call the Azure AD Graph API, so they cannot meet your requirement.

Your script is a workaround: it uses the client credentials flow to get the access token and uses the token to call the Microsoft Graph API. The logic should be correct.

Since you did not provide any error information about your script, I can only give you a sample; it works fine on my side.

First, before you get the access token, make sure you have granted the Microsoft Graph API permission to your AD app. Navigate to Azure Active Directory in the portal -> App registrations -> find your AD app -> API permissions -> Add a permission -> add the Application permission of the Microsoft Graph API (the permission could be Application.ReadWrite.All or Directory.Read.All, from least to most privileged; see List applications Permissions) -> Add permissions -> Finally, don't forget to click the Grant admin consent button.


My sample (this is after getting the access token, using it to call the MS Graph API):

$url = "https://graph.microsoft.com/beta/applications?select=createddatetime,displayname"
$accesstoken = "eyJ0eXAxxxxxxeHB1Y3FuQktJR2Nyx9Cg"
$header = @{
    'Authorization' = 'Bearer ' + $accesstoken
}

# this reads only the first page of results; a large tenant returns an
# @odata.nextLink that must be followed to get the remaining applications
$response = Invoke-RestMethod -Uri $url -Headers $header -Method GET
$response.value | Export-Csv -Path "C:\Users\joyw\Desktop\testfile.csv" -NoTypeInformation


Upvotes: 1
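The answer's point about granting admin consent is the usual cause of a 403 from this call, and it can be checked before the Graph request is made. The following is an added example, not code from the question or the answer: it decodes the payload of an app-only access token locally (without verifying the signature, so it is a diagnostic on a token you obtained yourself, not a validation) and reports whether the "roles" claim carries one of the Graph application permissions that the "List applications" call accepts. The function names (ConvertFrom-JwtPayload, Test-GraphAppPermission, New-UnsignedTestJwt) are hypothetical, the accepted-permission list is an assumption taken from the Graph "List applications" reference, and the sample tokens are constructed inline so the script runs offline.

```powershell
# Added example (not from the question or the answer above).
# Checks an app-only access token locally before calling Microsoft Graph: decodes the
# JWT payload (no signature verification) and confirms that the "roles" claim carries a
# Graph application permission accepted by GET /applications. An empty roles claim
# usually means "Grant admin consent" was never clicked for the app registration.

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a JWT: expected 3 dot-separated parts, got $($parts.Count)" }
    # base64url -> base64: restore the URL-safe characters and the padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    $json = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    return ($json | ConvertFrom-Json)
}

function Test-GraphAppPermission {
    param(
        [Parameter(Mandatory)][string]$Token,
        # Assumption: the application permissions accepted by GET /applications, per the
        # Graph "List applications" reference at the time of writing.
        [string[]]$Accepted = @('Application.Read.All', 'Application.ReadWrite.All', 'Directory.Read.All')
    )
    $claims   = ConvertFrom-JwtPayload -Token $Token
    $problems = @()

    # Graph tokens carry either the resource URL or the Graph app id as audience
    $graphAud = @('https://graph.microsoft.com', '00000003-0000-0000-c000-000000000000')
    if ($graphAud -notcontains $claims.aud) {
        $problems += "aud is '$($claims.aud)'; the token was not issued for Microsoft Graph"
    }

    # App-only tokens carry application permissions in "roles" (delegated tokens use "scp")
    $roles   = @($claims.roles | Where-Object { $_ })
    $granted = @($roles | Where-Object { $Accepted -contains $_ })
    if ($granted.Count -eq 0) {
        $problems += "roles claim has none of: $($Accepted -join ', ') (admin consent not granted?)"
    }

    $exp = [DateTimeOffset]::FromUnixTimeSeconds([int64]$claims.exp)
    if ($exp -lt [DateTimeOffset]::UtcNow) { $problems += "token expired at $($exp.ToString('u'))" }

    [pscustomobject]@{
        Ok       = ($problems.Count -eq 0)
        Audience = $claims.aud
        Roles    = $roles
        Problems = $problems
    }
}

# Builds an unsigned (alg=none) token so the check can be exercised offline with
# constructed claims; real tokens come from the oauth2/token request in the question.
function New-UnsignedTestJwt {
    param([Parameter(Mandatory)][hashtable]$Payload)
    $enc = {
        param($obj)
        $bytes = [System.Text.Encoding]::UTF8.GetBytes(($obj | ConvertTo-Json -Compress))
        [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    $header = & $enc @{ alg = 'none'; typ = 'JWT' }
    $body   = & $enc $Payload
    return ('{0}.{1}.' -f $header, $body)
}

# Constructed sample tokens: one with a granted application permission, one without roles
$inAnHour  = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
$consented = New-UnsignedTestJwt @{ aud = 'https://graph.microsoft.com'; roles = @('Application.Read.All'); exp = $inAnHour }
$noConsent = New-UnsignedTestJwt @{ aud = 'https://graph.microsoft.com'; exp = $inAnHour }

Test-GraphAppPermission -Token $consented   # consent granted, roles claim present
Test-GraphAppPermission -Token $noConsent   # roles claim missing, reported in Problems

# With the question's script, run this on the live token before the Graph call:
# Test-GraphAppPermission -Token $oauth.access_token
```

Run it against `$oauth.access_token` right after the token request in the question's script: if `Ok` is false and `Problems` names the roles claim, the API permission was added but admin consent was not granted, and no amount of retrying the Graph call will help until it is.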
