Tags: azure, powershell, microsoft-teams, microsoft-entra-id, azure-app-registration

Export app registrations with expiring secrets and certificates and send an alert in Teams


I want to export app registrations with expiring secrets and certificates and send an alert in Teams when they will expire in less than 30 days. I can get the list of apps with the script here <https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/scripts/powershell-export-apps-with-expiring-secrets>, but I do not know how to filter them to show only the ones that will expire in less than 30 days. Can someone help me with this?
Thanks for the help. Now, for sending the Teams alert, I found the code and modified it in a way that matches the answer, but I don't get the names of the apps and it shows an empty table. Can someone please help me with it? Here is the code for sending the alert:



# Select-Object expects property NAMES. The original passed the loop variables
# $AppName / $RemainingDaysCount, which are empty outside the export loop, so the
# table came out with no columns. Use the column names the export script writes.
# -Fragment returns just the <table> instead of a full HTML document.
$textTable = $Logs | Sort-Object ExpiresInDays | Select-Object ApplicationName, ExpiresInDays | ConvertTo-Html -Fragment

$JSONBody = [PSCustomObject][Ordered]@{
    "@type"      = "MessageCard"
    "@context"   = "http://schema.org/extensions"
    "themeColor" = '0078D7'
    "title"      = "$($Logs.Count) App Secrets are Expiring Soon"   # $Array was never defined; count the exported rows
    "text"       = "$textTable"
}

$TeamMessageBody = ConvertTo-Json $JSONBody

$parameters = @{
    "URI"         = 'the URI '   # incoming webhook URL of the Teams channel
    "Method"      = 'POST'
    "Body"        = $TeamMessageBody
    "ContentType" = 'application/json'
}

Invoke-RestMethod @parameters

Result in Teams:

(screenshot)


Solution

  • As @Peter Bons mentioned, your PowerShell script already has an input parameter that asks the user to enter the number of days until secrets expire.

    When I ran the same script from this MS Doc, it prompted me to enter the number of days and exported a CSV file of secrets and certificates expiring within 30 days successfully, like this:

    (screenshot)

    apps.csv:

    (screenshot)

    You can also make use of the modified script below, which adds an extra column specifying the number of days left for secrets and certificates to expire:

    Connect-MgGraph -Scopes 'Application.Read.All'
    
    $DaysUntilExpiration = 30      # alert window in days; used by both filters below
    $Now  = Get-Date
    $Logs = @()
    
    Write-Host "Retrieving all applications... This may take a while." -ForegroundColor Yellow
    # Get-MgApplication -All already returns PasswordCredentials and KeyCredentials,
    # so a second per-application Get-MgApplication call is not needed.
    $Applications = Get-MgApplication -All
    
    foreach ($App in $Applications) {
        $AppName = $App.DisplayName
        $AppID   = $App.Id            # object ID, used for the owner lookup
        $ApplID  = $App.AppId         # application (client) ID, as shown in the portal
        $Secrets = $App.PasswordCredentials
        $Certs   = $App.KeyCredentials
    
        foreach ($Secret in $Secrets) {
            $StartDate  = $Secret.StartDateTime
            $EndDate    = $Secret.EndDateTime
            $SecretName = $Secret.DisplayName
            $RemainingDaysCount = ($EndDate - $Now).Days
    
            # Keep only credentials that expire inside the window and have not expired yet.
            if ($RemainingDaysCount -lt $DaysUntilExpiration -and $RemainingDaysCount -ge 0) {
                $Owner    = Get-MgApplicationOwner -ApplicationId $AppID
                $Username = $Owner.AdditionalProperties.userPrincipalName -join ';'
                $OwnerID  = $Owner.Id -join ';'
    
                if ($null -eq $Owner.AdditionalProperties.userPrincipalName) {
                    # Owner is a service principal rather than a user
                    $Username = $Owner.AdditionalProperties.displayName + ' **<This is an Application>**'
                }
                if ($null -eq $Owner.AdditionalProperties.displayName) {
                    $Username = '<<No Owner>>'
                }
    
                $Logs += [PSCustomObject]@{
                    'ApplicationName'        = $AppName
                    'ApplicationID'          = $ApplID
                    'Secret Name'            = $SecretName
                    'Secret Start Date'      = $StartDate
                    'Secret End Date'        = $EndDate
                    'ExpiresInDays'          = $RemainingDaysCount
                    'Certificate Name'       = $Null
                    'Certificate Start Date' = $Null
                    'Certificate End Date'   = $Null
                    'Owner'                  = $Username
                    'Owner_ObjectID'         = $OwnerID
                }
            }
        }
    
        foreach ($Cert in $Certs) {
            $StartDate = $Cert.StartDateTime
            $EndDate   = $Cert.EndDateTime
            $CertName  = $Cert.DisplayName
            $RemainingDaysCount = ($EndDate - $Now).Days
    
            if ($RemainingDaysCount -lt $DaysUntilExpiration -and $RemainingDaysCount -ge 0) {
                $Owner    = Get-MgApplicationOwner -ApplicationId $AppID
                $Username = $Owner.AdditionalProperties.userPrincipalName -join ';'
                $OwnerID  = $Owner.Id -join ';'
    
                if ($null -eq $Owner.AdditionalProperties.userPrincipalName) {
                    $Username = $Owner.AdditionalProperties.displayName + ' **<This is an Application>**'
                }
                if ($null -eq $Owner.AdditionalProperties.displayName) {
                    $Username = '<<No Owner>>'
                }
    
                # Same column set and order as the secret rows, so Export-Csv writes a
                # consistent header no matter which kind of credential is logged first.
                $Logs += [PSCustomObject]@{
                    'ApplicationName'        = $AppName
                    'ApplicationID'          = $ApplID
                    'Secret Name'            = $Null
                    'Secret Start Date'      = $Null
                    'Secret End Date'        = $Null
                    'ExpiresInDays'          = $RemainingDaysCount
                    'Certificate Name'       = $CertName
                    'Certificate Start Date' = $StartDate
                    'Certificate End Date'   = $EndDate
                    'Owner'                  = $Username
                    'Owner_ObjectID'         = $OwnerID
                }
            }
        }
    }
    
    $Path = "C:\test\ExpiringAppSecretsCertificates.csv"
    $Logs | Export-Csv $Path -NoTypeInformation -Encoding UTF8
    
    Write-Host "Export completed successfully. File saved at: $Path" -ForegroundColor Green
    

    Response:

    (screenshot)

    ExpiringAppSecretsCertificates.csv:

    (screenshot)
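The expiry filter from the answer above and the Teams MessageCard from the question, combined into one self-contained script, as an added example that is not code from the question, the answer or the Microsoft doc. It runs offline against constructed sample objects shaped like `Get-MgApplication` output; the function names, the `$WebhookUri` parameter, the `-IncludeExpired` switch and the sample applications are assumptions made for this example, while the `Application.Read.All` scope, the MessageCard fields and the `ConvertTo-Html` table are the ones the page already uses.

```powershell
# Added example, not code from the question or the answer. Runs offline on
# constructed sample objects shaped like Get-MgApplication output; for a real
# tenant replace $SampleApps with (Get-MgApplication -All) after
# Connect-MgGraph -Scopes 'Application.Read.All', and supply a real webhook URI.
# Function names, $WebhookUri, -IncludeExpired and the sample data are assumptions.

function Get-ExpiringAppCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Applications,
        [int]      $DaysUntilExpiration = 30,
        [switch]   $IncludeExpired,        # also report credentials already past EndDateTime
        [datetime] $Now = (Get-Date)
    )
    foreach ($App in $Applications) {
        # Tag each credential with its kind so secrets and certificates share one row shape.
        $Creds = [System.Collections.Generic.List[object]]::new()
        foreach ($c in $App.PasswordCredentials) { $Creds.Add(@{ Kind = 'Secret';      Cred = $c }) }
        foreach ($c in $App.KeyCredentials)      { $Creds.Add(@{ Kind = 'Certificate'; Cred = $c }) }

        foreach ($Entry in $Creds) {
            $Cred = $Entry.Cred
            if ($null -eq $Cred.EndDateTime) { continue }   # no expiry recorded, nothing to alert on
            # Floor rather than .Days: a credential that expired 12 hours ago reports -1, not 0.
            $Remaining = [int][math]::Floor(($Cred.EndDateTime - $Now).TotalDays)
            $InWindow  = ($Remaining -lt $DaysUntilExpiration) -and ($Remaining -ge 0 -or $IncludeExpired)
            if (-not $InWindow) { continue }
            [pscustomobject]@{
                ApplicationName = $App.DisplayName
                ApplicationID   = $App.AppId
                CredentialType  = $Entry.Kind
                CredentialName  = $Cred.DisplayName
                KeyId           = $Cred.KeyId
                EndDate         = $Cred.EndDateTime
                ExpiresInDays   = $Remaining
            }
        }
    }
}

function New-ExpiringCredentialMessageCard {
    param([Parameter(Mandatory)] [object[]] $Rows, [int] $DaysUntilExpiration = 30)
    # Select-Object takes property NAMES; passing loop variables (the question's bug) yields
    # an empty table. -Fragment emits only the <table>, which is what the card "text" expects,
    # and ConvertTo-Html HTML-encodes values, so an app display name cannot inject markup.
    $Table = $Rows |
        Sort-Object ExpiresInDays |
        Select-Object ApplicationName, CredentialType, CredentialName, EndDate, ExpiresInDays |
        ConvertTo-Html -Fragment
    [ordered]@{
        '@type'    = 'MessageCard'
        '@context' = 'http://schema.org/extensions'
        themeColor = '0078D7'
        title      = "$($Rows.Count) app credential(s) expire within $DaysUntilExpiration days"
        text       = ($Table -join "`n")
    } | ConvertTo-Json
}

function Send-ExpiringCredentialAlert {
    param([Parameter(Mandatory)] [string] $WebhookUri, [Parameter(Mandatory)] [string] $Body)
    # The webhook URI is itself a secret: anyone holding it can post to the channel.
    # Keep it in Key Vault or an Automation encrypted variable, never in the script body.
    Invoke-RestMethod -Uri $WebhookUri -Method Post -Body $Body -ContentType 'application/json'
}

# Constructed sample data (not real tenant output): a secret due in 10 days, a healthy
# secret, and a certificate that expired 3 days ago.
$Now = Get-Date
$SampleApps = @(
    [pscustomobject]@{
        DisplayName = 'payroll-api'; AppId = '00000000-0000-0000-0000-000000000001'
        PasswordCredentials = @([pscustomobject]@{ DisplayName = 'rotated-2024'; KeyId = 'k1'; EndDateTime = $Now.AddDays(10) })
        KeyCredentials      = @()
    },
    [pscustomobject]@{
        DisplayName = 'hr-sync'; AppId = '00000000-0000-0000-0000-000000000002'
        PasswordCredentials = @([pscustomobject]@{ DisplayName = 'long-lived'; KeyId = 'k2'; EndDateTime = $Now.AddDays(200) })
        KeyCredentials      = @([pscustomobject]@{ DisplayName = 'CN=hr-sync'; KeyId = 'k3'; EndDateTime = $Now.AddDays(-3) })
    }
)

$Rows = @(Get-ExpiringAppCredential -Applications $SampleApps -DaysUntilExpiration 30 -IncludeExpired -Now $Now)
$Rows | Format-Table -AutoSize        # payroll-api / Secret / 10 and hr-sync / Certificate / -3
if ($Rows.Count -gt 0) {
    $Body = New-ExpiringCredentialMessageCard -Rows $Rows -DaysUntilExpiration 30
    $Body                              # inspect the card JSON before wiring up the webhook
    # Send-ExpiringCredentialAlert -WebhookUri $env:TEAMS_WEBHOOK_URI -Body $Body
}
```

Two points worth keeping in mind when adapting this. The page's own filter (`-lt 30 -and -ge 0`) silently drops credentials that have already expired, which are usually the ones an operator most needs to see; the `-IncludeExpired` switch above surfaces them with a negative day count. And treat the incoming-webhook URI like any other credential: Microsoft has announced the retirement of Office 365 connector-based webhooks in favour of Workflows, so check the current Teams documentation for the supported payload before building a long-lived alerting job on the MessageCard format.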