Friday, March 26, 2021

Azure AD: disabling an enterprise app's service principal

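# Verify there is an active Azure AD session before doing anything else.
# Get-AzureADTenantDetail throws AadNeedAuthenticationException when no
# session exists; that is the only condition handled here, any other error
# propagates as before.
try {
    # Result not needed; the call is only a probe for an existing session.
    $null = Get-AzureADTenantDetail
}
catch [Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException] {
    Write-Host "You're not connected."
    Write-Host -ForegroundColor Red " *** Error With Azure AD Connection **"

    # Interactive sign-in instead of Get-Credential + -Credential:
    # username/password authentication cannot satisfy MFA or Conditional
    # Access, which an account permitted to disable service principals will
    # normally be required to use. -ErrorAction Stop makes a failed sign-in
    # abort the run instead of letting the later cmdlets fail one by one.
    Connect-AzureAD -ErrorAction Stop
}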

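# Working folder for the exported inventory and the per-run report.
$Path = "C:\Temp\PowerShell - Enterprise\Process"

# New-Item on the report file fails if the folder does not exist yet.
if (-not (Test-Path -LiteralPath $Path)) {
    $null = New-Item -Path $Path -ItemType Directory
}

# Inventory of every service principal (enterprise app) in the tenant, written
# to CSV and read back so the loop below works on plain rows.
# (The original path argument had a doubled quote, ""$($path)\Processes.csv"".)
$InventoryFile = Join-Path $Path 'Processes.csv'
Get-AzureADServicePrincipal -All $true | Export-Csv -Path $InventoryFile -NoTypeInformation
$AppListSource = Import-Csv -Path $InventoryFile

# One report file per run, stamped with the start time.
$Datetime = Get-Date -Format dd_MM_yyyy_HH.mm.ss
$LogFileName = Join-Path $Path "Apps_Report $Datetime.csv"
$null = New-Item -Path $LogFileName -ItemType File

# Header row ("Oject ID" typo fixed). Column order must stay in step with the
# rows appended inside the loop.
Add-Content -Path $LogFileName -Value 'Application Display Name,Object ID,App ID,Application Access Dates,UserPrincipalName'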


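    # For every service principal in the inventory: look up its most recent
    # sign-in, append a report row, and — when a sign-in was found — disable
    # the service principal.
    #
    # NOTE(review): the disable branch runs when a sign-in EXISTS ($null -ne),
    # i.e. it disables apps that are in use and leaves unused ones enabled.
    # If the intent is to disable unused apps, the test must be `$null -eq`.
    # Confirm the intended policy before running this against a tenant.
    # NOTE(review): the inventory comes from Get-AzureADServicePrincipal -All,
    # which presumably includes Microsoft first-party service principals; there
    # is no allow-list, so consider filtering the inventory before disabling.
    ForEach ($AppNameSource in $AppListSource) {
        $varAppId = $AppNameSource.AppId

        # Most recent sign-in for this app (assumes the log is returned
        # newest-first — confirm). Sign-in logs only cover the tenant's
        # retention window, so an empty result means "no sign-in recently",
        # not "never used". A cmdlet error also leaves $LoginDetails empty.
        $LoginDetails = Get-AzureAdAuditSigninLogs -Top 1 -Filter "AppId eq '$varAppId'" |
            Select-Object CreatedDateTime, UserPrincipalName

        Write-Host $AppNameSource.DisplayName "--" $LoginDetails.UserPrincipalName -ForegroundColor White

        # Build the row through ConvertTo-Csv so display names or UPNs that
        # contain commas or quotes are escaped instead of shifting the columns.
        # Index 1 skips the header line ConvertTo-Csv emits. Column order
        # matches the header written when the report file was created.
        $Row = [pscustomobject][ordered]@{
            'Application Display Name' = $AppNameSource.DisplayName
            'Object ID'                = $AppNameSource.ObjectId
            'App ID'                   = $AppNameSource.AppId
            'Application Access Dates' = $LoginDetails.CreatedDateTime
            'UserPrincipalName'        = $LoginDetails.UserPrincipalName
        }
        $CsvLine = ($Row | ConvertTo-Csv -NoTypeInformation)[1]
        Add-Content -Path $LogFileName -Value $CsvLine

        $value = $LoginDetails.UserPrincipalName

        # $null on the left so a multi-valued result is compared, not filtered.
        if ($null -ne $value) {
            $appId = $AppNameSource.AppId

            # Confirm the service principal still exists (it may have been
            # removed since the inventory was exported) before disabling it.
            $servicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$appId'"
            if ($servicePrincipal) {
                # Echo the destructive action so the console transcript shows
                # exactly which objects were changed.
                Write-Host "Disabling service principal $($AppNameSource.DisplayName) ($($servicePrincipal.ObjectId))" -ForegroundColor Yellow
                Set-AzureADServicePrincipal -ObjectId $servicePrincipal.ObjectId -AccountEnabled $false
            }
        }
    }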


    

   
