Check App Registration Secret Expiry With Graph API

In this Microsoft Graph API PowerShell article, we will show how to check how many days each App Registration secret has until it expires.

App Registration secrets are very complex passwords used for authentication between Azure and Microsoft 365. Each App has API permissions that are attached to it.

Using an App Registration secret, ID and tenant information, an App Registration can request a token that can be used to create, modify or delete resources on Azure or Microsoft 365.

In the following PowerShell script, we get a list of all the App Registration in the tenant, displaying the expiration date and the number of days until each secret expires.

To successfully run this script, complete the following two articles.

PowerShell Script

Import-Module Microsoft.Graph.Applications

$AppRegList = Get-MgApplication -All -Property AppId, DisplayName, PasswordCredentials, KeyCredentials, Id 
$secretapps = $AppRegList | Where-Object {$_.passwordCredentials}

                    $secretapps = foreach ($app in $secretapps){
                        foreach ($Secret in $app.PasswordCredentials) {

                             $daysuntilexpire = New-TimeSpan -Start (get-date) -End $secret.endDateTime
                           #  write-host  $app.DisplayName ":" $secret.endDateTime  ":" $daysuntilexpire.Days
                                    appdisplayname      = $app.DisplayName
                                    Appid               = $app.AppId
                                    expirationdate      = $Secret.EndDateTime
                                    daysuntilexpire = (New-TimeSpan -Start (get-date) -End $secret.endDateTime).Days
                                    Id                  = $App.Id
                           # }

$secretapps | select appdisplayname, id, expirationdate, daysuntilexpire

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.