When you create an OAuth app registration in Entra, unlike SAML, it creates a secret key that expires, usually (if you are progressive) after 72 months.
When these secrets expire they can cause issues with applications, so let's get some PowerShell out of the toolbox and combine it with some simple HTML to produce a report, ordered by expiry date.
This is the script
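# Report every Entra ID (Azure AD) application registration that holds at least
# one client secret, with the expiry date of each secret, as a static HTML page.
# Rows are ordered by the earliest expiry per application, soonest first.
#
# Scope: only client secrets (PasswordCredentials) are listed. Certificate
# credentials (KeyCredentials) also expire and are not covered by this report.
#
# NOTE(review): the AzureAD module is deprecated in favour of Microsoft Graph
# PowerShell; plan to port this to Get-MgApplication.

# Connect to Azure AD; stop here if sign-in fails rather than writing an empty report.
Connect-AzureAD -ErrorAction Stop

try {
    # Get all application registrations with secrets
    $apps = Get-AzureADApplication -All $true | Where-Object { $_.PasswordCredentials.Count -gt 0 }

    # Build one record per application. Every directory-sourced value is
    # HTML-encoded: display names are free text set by whoever registered the
    # app, so emitting them raw would let markup or script into the report.
    $rows = foreach ($app in $apps) {
        # Applications whose secrets never expire sort to the end.
        $earliest = [datetime]::MaxValue
        $secretExpiry = ""

        # Get expiry date for each secret
        foreach ($secret in $app.PasswordCredentials) {
            $expiryDate = $secret.EndDate
            # $null goes on the left so the comparison is never applied element-wise.
            if ($null -ne $expiryDate) {
                if ($expiryDate -lt $earliest) { $earliest = $expiryDate }
                $secretExpiry += [System.Net.WebUtility]::HtmlEncode($expiryDate.ToString()) + "<br>"
            } else {
                $secretExpiry += "Never<br>"
            }
        }

        [pscustomobject]@{
            Name     = [System.Net.WebUtility]::HtmlEncode([string]$app.DisplayName)
            ObjectId = [System.Net.WebUtility]::HtmlEncode([string]$app.ObjectId)
            Earliest = $earliest
            Expiry   = $secretExpiry
        }
    }
}
finally {
    # Always drop the directory session, even if the query or row building failed.
    Disconnect-AzureAD
}

# Start HTML output
$html = @"
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Application Registrations with Secrets</title>
<style>
table {
border-collapse: collapse; width: 100%;
}
th, td {
border: 1px solid #dddddd;
text-align: left;
padding: 8px;
}
th {
background-color: #f2f2f2;
}
</style>
</head>
<body>
<h1>Application Registrations with Secrets</h1>
<table>
<tr>
<th>Application Name</th>
<th>Object ID</th>
<th>Secret Expiry</th>
</tr>
"@

# Emit the rows soonest-expiring first; @() keeps this safe when nothing was found.
foreach ($row in @($rows | Sort-Object -Property Earliest)) {
    $html += "<tr>"
    $html += "<td>$($row.Name)</td>"
    $html += "<td>$($row.ObjectId)</td>"
    $html += "<td>$($row.Expiry)</td>"
    $html += "</tr>"
}

# End HTML output
$html += @"
</table>
</body>
</html>
"@

# Save HTML content to a file.
# The report is an inventory of which applications hold secrets and when they
# lapse; keep it somewhere with restricted read access.
$html | Out-File -FilePath "c:\temp\application_registrations.html" -Encoding UTF8
Write-Host "HTML output generated: application_registrations.html"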