Friday, March 26, 2021

Disable an Azure AD service principal (enterprise app)

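try {
    # Probe the current session; the tenant object itself is not needed here.
    $null = Get-AzureADTenantDetail
}
catch [Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException] {
    Write-Host "You're not connected."
    Write-Host -ForegroundColor Red " *** Error With Azure AD Connection **"

    # Interactive sign-in instead of Get-Credential + -Credential: the
    # username/password path does not work for MFA-enforced accounts, which an
    # admin running this should have. -ErrorAction Stop aborts the script when
    # the sign-in fails instead of running every later cmdlet against no session.
    $null = Connect-AzureAD -ErrorAction Stop
}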

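$Path = "C:\Temp\PowerShell - Enterprise\Process" # Location of file to be saved
# Make sure the output folder exists before anything is written into it.
$null = New-Item -Path $Path -ItemType Directory -Force

# Pull the list of all enterprise apps (service principals) in the tenant and
# round-trip it through CSV so the loop below works on a fixed snapshot.
# (The original path argument was wrapped in doubled quotes; Join-Path avoids that.)
$ProcessesCsv = Join-Path -Path $Path -ChildPath 'Processes.csv'
Get-AzureADServicePrincipal -All $true | Export-Csv -Path $ProcessesCsv -NoTypeInformation
$AppListSource = Import-Csv -Path $ProcessesCsv # Read the CSV file holding the list of all app names

$Datetime = Get-Date -Format dd_MM_yyyy_HH.mm.ss
$LogFileName = Join-Path -Path $Path -ChildPath "Apps_Report $($Datetime).csv"
# -Force: do not fail if a report with the same timestamp already exists.
$null = New-Item -Path $LogFileName -ItemType File -Force
# CSV header ("Oject ID" typo fixed). Fields are quoted so they are consistent
# with rows written through ConvertTo-Csv.
Add-Content -Path $LogFileName -Value '"Application Display Name","Object ID","App ID","Application Access Dates","UserPrincipalName"'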


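    ForEach ($AppNameSource in $AppListSource)
    {
        $varAppId = $AppNameSource.AppId
        if ([string]::IsNullOrWhiteSpace($varAppId)) {
            # A row without an AppId cannot be matched against the sign-in logs
            # (and would produce a filter on an empty string).
            continue
        }

        # Most recent sign-in recorded for this application, if any.
        # NOTE(review): -Top 1 only means "last access" if the service returns
        # newest-first; confirm before relying on the date in the report.
        $LoginDetails = Get-AzureAdAuditSigninLogs -Top 1 -Filter "AppId eq '$varAppId'" |
            Select-Object CreatedDateTime, UserPrincipalName

        Write-Host $AppNameSource.DisplayName "--" $LoginDetails.UserPrincipalName -ForegroundColor white

        # Append one properly quoted CSV row; display names may contain commas,
        # which the previous string concatenation would have split into columns.
        $row = [pscustomobject]@{
            'Application Display Name' = $AppNameSource.DisplayName
            'Object ID'                = $AppNameSource.ObjectId
            'App ID'                   = $AppNameSource.AppId
            'Application Access Dates' = $LoginDetails.CreatedDateTime
            'UserPrincipalName'        = $LoginDetails.UserPrincipalName
        }
        Add-Content -Path $LogFileName -Value (($row | ConvertTo-Csv -NoTypeInformation)[1])

        # Original logic kept: act only on apps that HAVE a recorded sign-in.
        # NOTE(review): this disables principals that show activity; if the aim
        # is to retire unused apps the condition should be inverted - confirm.
        # ($null on the left is the PowerShell idiom; it is also safe for arrays.)
        if ($null -ne $LoginDetails.UserPrincipalName)
        {
            $appId = $AppNameSource.AppId

            # Look the service principal up again by appId so the change is made
            # on the live object rather than the CSV snapshot.
            $servicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$appId'"
            if ($servicePrincipal) {
                try {
                    # Destructive: blocks all sign-ins to this enterprise app.
                    Set-AzureADServicePrincipal -ObjectId $servicePrincipal.ObjectId -AccountEnabled $false -ErrorAction Stop
                    Write-Host "Disabled service principal" $servicePrincipal.ObjectId "(" $AppNameSource.DisplayName ")" -ForegroundColor Yellow
                }
                catch {
                    # Keep processing the remaining apps; the failure stays
                    # visible on the console for follow-up.
                    Write-Host "Failed to disable" $servicePrincipal.ObjectId ":" $_.Exception.Message -ForegroundColor Red
                }
            }
        }
    }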


    

   

Friday, March 19, 2021

Last login details report from the Azure AD enterprise apps

 #Connect with Azure AD UserPrincipalName 

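    try {
        # Probe the current session; the tenant object itself is not needed here.
        $null = Get-AzureADTenantDetail
    }
    catch [Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException] {
        Write-Host "You're not connected."
        Write-Host -ForegroundColor Red " *** Error With Azure AD Connection **"

        # Interactive sign-in instead of Get-Credential + -Credential: the
        # username/password path does not work for MFA-enforced accounts.
        # -ErrorAction Stop aborts the script when the sign-in fails instead of
        # running every later cmdlet against no session.
        $null = Connect-AzureAD -ErrorAction Stop
    }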

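$Path = "C:\Temp\PowerShell - Enterprise\Process" # Location of file to be saved
# Make sure the output folder exists before anything is written into it.
$null = New-Item -Path $Path -ItemType Directory -Force

# Pull the list of all enterprise apps (service principals) in the tenant and
# round-trip it through CSV so the loop below works on a fixed snapshot.
# (The original path argument was wrapped in doubled quotes; Join-Path avoids that.)
$ProcessesCsv = Join-Path -Path $Path -ChildPath 'Processes.csv'
Get-AzureADServicePrincipal -All $true | Export-Csv -Path $ProcessesCsv -NoTypeInformation
$AppListSource = Import-Csv -Path $ProcessesCsv # Read the CSV file holding the list of all app names

$Datetime = Get-Date -Format dd_MM_yyyy_HH.mm.ss
$LogFileName = Join-Path -Path $Path -ChildPath "Apps_Report $($Datetime).csv"
# -Force: do not fail if a report with the same timestamp already exists.
$null = New-Item -Path $LogFileName -ItemType File -Force
# CSV header ("Oject ID" typo fixed). Fields are quoted so they are consistent
# with rows written through ConvertTo-Csv.
Add-Content -Path $LogFileName -Value '"Application Display Name","Object ID","App ID","Application Access Dates","UserPrincipalName"'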




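    ForEach ($AppNameSource in $AppListSource)
    {
        $varAppId = $AppNameSource.AppId
        if ([string]::IsNullOrWhiteSpace($varAppId)) {
            # A row without an AppId cannot be matched against the sign-in logs
            # (and would produce a filter on an empty string).
            continue
        }

        # Most recent sign-in recorded for this application, if any.
        # NOTE(review): -Top 1 only means "last access" if the service returns
        # newest-first; confirm before relying on the date in the report.
        $LoginDetails = Get-AzureAdAuditSigninLogs -Top 1 -Filter "AppId eq '$varAppId'" |
            Select-Object CreatedDateTime, UserPrincipalName

        Write-Host $AppNameSource.DisplayName "--" $LoginDetails.UserPrincipalName -ForegroundColor white

        # Append one properly quoted CSV row; display names may contain commas,
        # which the previous string concatenation would have split into columns.
        $row = [pscustomobject]@{
            'Application Display Name' = $AppNameSource.DisplayName
            'Object ID'                = $AppNameSource.ObjectId
            'App ID'                   = $AppNameSource.AppId
            'Application Access Dates' = $LoginDetails.CreatedDateTime
            'UserPrincipalName'        = $LoginDetails.UserPrincipalName
        }
        Add-Content -Path $LogFileName -Value (($row | ConvertTo-Csv -NoTypeInformation)[1])
    }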

Compare the data of two CSV files

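$Path = "C:\Temp\PowerShell - Enterprise\Final" # Location of file to be saved
# Both inputs are expected to carry Target1DisplayName / Target1ObjectId columns
# (the loop below matches on them) - confirm against the exported files.
$AppListSource = Import-Csv -Path (Join-Path -Path $Path -ChildPath 'AppList.csv') # CSV file having the list of all app names, "Apps to review" tab
$30DaysAppLogs = Import-Csv -Path (Join-Path -Path $Path -ChildPath 'Logs.csv')   # CSV file downloaded from the Azure apps logs for the last 30 days

$Datetime = Get-Date -Format dd_MM_yyyy_HH.mm.ss
$LogFileName = Join-Path -Path $Path -ChildPath "Apps_Report $($Datetime).csv"
# -Force: do not fail if a report with the same timestamp already exists.
$null = New-Item -Path $LogFileName -ItemType File -Force
# CSV header ("Oject ID" typo fixed); quoted to match rows written via ConvertTo-Csv.
Add-Content -Path $LogFileName -Value '"Application Name","Object ID","Accessed in 30 days Yes/No"'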


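    ForEach ($AppNameSource in $AppListSource)
    {
        # First log entry whose display name matches this app (-eq is
        # case-insensitive, as in the original).
        $DataMatch = $30DaysAppLogs |
            Where-Object { $_.Target1DisplayName -eq $AppNameSource.Target1DisplayName } |
            Select-Object -First 1

        If ($DataMatch)
        {
            Write-Host $DataMatch.Target1DisplayName -ForegroundColor white
            $row = [pscustomobject]@{
                'Application Name'           = $DataMatch.Target1DisplayName
                'Object ID'                  = $DataMatch.Target1ObjectId
                'Accessed in 30 days Yes/No' = 'Yes'
            }
        }
        else
        {
            # Bug fix: the "No" branch previously printed $DataMatch (always
            # empty here); print the app from the review list instead.
            Write-Host $AppNameSource.Target1DisplayName -ForegroundColor white
            $row = [pscustomobject]@{
                'Application Name'           = $AppNameSource.Target1DisplayName
                'Object ID'                  = $AppNameSource.Target1ObjectId
                'Accessed in 30 days Yes/No' = 'No'
            }
        }

        # One properly quoted CSV row per app (names may contain commas).
        Add-Content -Path $LogFileName -Value (($row | ConvertTo-Csv -NoTypeInformation)[1])
    }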

MFA Report

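$loginURL = "https://login.microsoftonline.com"
$resource = "https://graph.microsoft.com"
# The client secret is a credential and must not live in the script or in source
# control (a secret that was ever committed should be rotated). It is read from
# an environment variable - GRAPH_CLIENT_SECRET is simply the name chosen here -
# so the file can be shared without leaking it.
$ClientSecret = $env:GRAPH_CLIENT_SECRET
if ([string]::IsNullOrEmpty($ClientSecret)) {
    throw "Set the GRAPH_CLIENT_SECRET environment variable to the app registration's client secret before running this script."
}
$ClientID="6301d5-e-45-6b4675a9a" # App id
$TenantName="test.onmicrosoft.com"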
 
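#Repeating Function to get an Access Token based on the parameters:
# Requests a client-credentials token for Microsoft Graph from the v2.0 endpoint.
# Parameters:
#   loginURL     - authority base URL, e.g. https://login.microsoftonline.com
#   ClientID     - app registration (client) id
#   clientSecret - client secret of that app registration
#   tenantName   - tenant id or verified domain name
#   resource     - accepted because the call site passes -resource; the v2.0
#                  endpoint uses the fixed "/.default" scope below instead
# Returns the token response (access_token, token_type, expires_in, ...).
# Throws on an HTTP error instead of handing back an empty response.
function RefreshToken($loginURL,$ClientID,$clientSecret,$tenantName,$resource)
{
    $body = @{
        grant_type    = "client_credentials"
        client_id     = $ClientID
        client_secret = $clientSecret
        scope         = "https://graph.microsoft.com/.default"
    }
    # Quoted so the URL is one argument regardless of parsing mode.
    $tokenUri = "$loginURL/$tenantName/oauth2/v2.0/token"
    # -ErrorAction Stop turns a 4xx/5xx into a terminating exception so the
    # caller cannot continue with a $null access_token.
    $oauthResponse = Invoke-RestMethod -Method POST -Uri $tokenUri -Body $body -ErrorAction Stop
    return $oauthResponse
}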


 
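#BUILD THE ACCESS TOKEN
$oauth = RefreshToken -loginURL $loginURL -resource $resource -ClientID $ClientID -clientSecret $ClientSecret -tenantName $TenantName
$Identity = $oauth.access_token
if ([string]::IsNullOrEmpty($Identity)) {
    throw "Token request returned no access_token; check the client id, secret and tenant name."
}

# Bearer token for Graph. Never echo $Identity or $headerParams to the console or a log.
# (Commented-out alternatives that carried a second secret were removed; secrets
# belong in the environment, not in comments.)
$headerParams = @{'Authorization'="$($oauth.token_type) $($Identity)"}
# All Conditional Access policies (beta endpoint); append /{policyId} for one policy.
$CAPolicies = "https://graph.microsoft.com/beta/conditionalAccess/policies"

# NOTE(review): only the first page of results is read; if the tenant has more
# policies than one page holds, follow '@odata.nextLink' in the response.
# -UseBasicParsing avoids the IE-based parser on Windows PowerShell 5.1.
$apirequest = (Invoke-WebRequest -Headers $headerParams -Uri $CAPolicies -Method GET -UseBasicParsing -ErrorAction Stop)
$Logs = @()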

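foreach ($event in ($apirequest.Content | ConvertFrom-Json | Select-Object -ExpandProperty value))
{
    # One flattened row per policy. Multi-valued conditions are joined with "; ".
    # The literal hashtable keeps column order when cast to [pscustomobject].
    # NOTE(review): the three sessionControls.* values are nested objects and
    # Export-Csv renders those as a type name, not their settings - confirm the
    # intended output or flatten them (e.g. .isEnabled) before exporting.
    $Log = [pscustomobject]@{
        "Policy ID"                                         = $event.id
        "Policy Name"                                       = $event.displayName
        "Policy State"                                      = $event.state
        "Policy Last Updated Time"                          = $event.modifiedDateTime
        "Policy Session Controls App Enforced Restrictions" = $event.sessionControls.applicationEnforcedRestrictions
        "Policy Session - CA App Control"                   = $event.sessionControls.cloudAppSecurity
        "Policy Session - Sign in Frequency"                = $event.sessionControls.signInFrequency
        "Policy Included Users"                             = ($event.conditions.users.includeUsers -join "; ")
        "Policy Excluded Users"                             = ($event.conditions.users.excludeUsers -join "; ")
        "Policy Included Groups"                            = ($event.conditions.users.includeGroups -join "; ")
        "Policy Excluded Groups"                            = ($event.conditions.users.excludeGroups -join "; ")
        "Policy Included Roles"                             = ($event.conditions.users.includeRoles -join "; ")
        "Policy Excluded Roles"                             = ($event.conditions.users.excludeRoles -join "; ")
        "Policy Included Applications"                      = ($event.conditions.applications.includeApplications -join "; ")
        "Policy Excluded Applications"                      = ($event.conditions.applications.excludeApplications -join "; ")
        "Policy User Actions"                               = ($event.conditions.applications.includeUserActions -join "; ")
        "Policy Conditions - Client Apps "                  = ($event.conditions.clientAppTypes -join "; ")
        "Policy Conditions - Included Device States"        = ($event.conditions.devices.includeDeviceStates -join "; ")
        "Policy Conditions - Excluded Device States"        = ($event.conditions.devices.excludeDeviceStates -join "; ")
        "Policy Conditions - Included Locations"            = ($event.conditions.locations.includeLocations -join "; ")
        "Policy Conditions - Excluded Locations"            = ($event.conditions.locations.excludeLocations -join "; ")
        "Policy Conditions - Included Device Platforms"     = ($event.conditions.platforms.includePlatforms -join "; ")
        "Policy Conditions - Excluded Device Platforms"     = ($event.conditions.platforms.excludePlatforms -join "; ")
        # Bug fix: this column was assigned the undefined $RiskLevels and so was
        # always empty; it now carries the joined signInRiskLevels.
        "Policy Conditions - SignInRiskLevels"              = ($event.conditions.signInRiskLevels -join "; ")
        "Policy Conditions - UserRiskLevels"                = ($event.conditions.userRiskLevels -join "; ")
        "Policy Controls"                                   = ($event.grantControls.builtInControls -join "; ")
        "Policy Auth Factors"                               = ($event.grantControls.customAuthenticationFactors -join "; ")
        "Policy Terms Of Use"                               = ($event.grantControls.termsOfUse -join "; ")
    }
    $Logs += $Log
}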


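# Destination of the report. The previous console message asked the user for a
# path but nothing was ever read; the location is fixed here and shown instead.
$ReportPath = "C:\Temp\MFA Report\Results.csv"
$null = New-Item -Path (Split-Path -Path $ReportPath -Parent) -ItemType Directory -Force
Write-Host "Exporting the Conditional Access policy report to $ReportPath" -ForegroundColor white -BackgroundColor Black

$Logs | Export-Csv -Path $ReportPath -NoTypeInformation -Encoding UTF8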

Thursday, March 18, 2021

Get the list of all Azure AD enterprise applications

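# Interactive sign-in to Azure AD (supports MFA).
Connect-AzureAD
# Enumerate every service principal (enterprise app) once; show the list on the
# console and save the same snapshot to CSV, instead of querying the tenant twice.
$ServicePrincipals = Get-AzureADServicePrincipal -All $true
$ServicePrincipals
$ServicePrincipals | Export-Csv -Path "C:\Temp\PowerShell - Enterprise\Processes.csv" -NoTypeInformation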
