From 503041fa0bc9ef44831ecf3e887588e15a022fd1 Mon Sep 17 00:00:00 2001
From: Danny de Kooker <d.dekooker@dcomputers.nl>
Date: Mon, 17 Feb 2025 18:08:50 +0100
Subject: [PATCH] Extended script with app Registration certificates

---
 Azure/Azure-App-Expiration.ps1 | 71 +++++++++++++++++++++++++++++++---
 1 file changed, 65 insertions(+), 6 deletions(-)

diff --git a/Azure/Azure-App-Expiration.ps1 b/Azure/Azure-App-Expiration.ps1
index ffbf7c0..bcc99ec 100644
--- a/Azure/Azure-App-Expiration.ps1
+++ b/Azure/Azure-App-Expiration.ps1
@@ -26,7 +26,7 @@
 
 #region Global script settings and variables
     #General    
-    $Version = "v1.0"
+    $Version = "v1.1"
     $logfilelocation = "$($MyInvocation.MyCommand.Path | Split-Path -Parent)\Logs"
     $logfilename = "$(Get-Date -Format yyyyMMddHHmmss)-Azure-App-Expiration-Report.log"
     $summaryfilename = "$(Get-Date -Format yyyyMMddHHmmss)-Azure-App-Expiration-Summary.txt"
@@ -123,10 +123,10 @@
 #endregion
 
 #region execute script
-    #Collect all app information
-    $AzureADApps = Get-MgApplication | Sort-Object DisplayName
-    $AppCertificateDetails = @() #Initiate the array to store the collected information
+    #Collect all app Registration information
+    $AzureADApps = Get-MgApplication -all | Sort-Object DisplayName
     $AppClientSecretsDetails = @() #Initiate the array to store the collected information
+    $AppCertificateDetails = @() #Initiate the array to store the collected information
 
     foreach ($App in $AzureADApps) {
         #Script should be extended to also include Certificates, preparations are already made.         
@@ -151,6 +151,27 @@
                 }
             }
         }
+        #Collect Client Secret details if available
+        if ($null -ne $App.KeyCredentials) {
+            foreach ($KeyCredential in $App.KeyCredentials) {
+                #Calculate remaining days
+                $RemainingDays = New-TimeSpan -Start $(Get-Date) -End $KeyCredential.EndDateTime
+                $DaysRemaining = $RemainingDays.Days
+                switch ($DaysRemaining) {
+                    {$_ -le '0'} {$CalculatedStatus = "ERROR"}
+                    {$_ -le $WarningDays} {$CalculatedStatus = "WARNING"}
+                    Default {$CalculatedStatus = "OK"}
+                }
+
+                $AppCertificateDetails += [PSCustomObject]@{
+                    AppDisplayName = $App.DisplayName
+                    CertificateName = $KeyCredential.Displayname
+                    Enddate = $KeyCredential.EndDateTime
+                    DaysRemaining = $DaysRemaining
+                    Status = $CalculatedStatus
+                }
+            }
+        }
     }
 #endregion
 
@@ -183,7 +204,7 @@ $htmlReport = @"
         Script version: $Version <br/></p>
 "@
     if ("" -ne $AppClientSecretsDetails) { $htmlReport += @"
-        <h2>Application Secrets Overview</h2>
+        <h2>App Registration Secrets Overview</h2>
         <table border='1'>
             <tr>
                 <th>App DisplayName</th>
@@ -195,7 +216,6 @@ $htmlReport = @"
 "@
         foreach ($AppClientSecretsDetail in $AppClientSecretsDetails) {
         $htmlReport += @"
-        
         <tr>
             <td>$($AppClientSecretsDetail.AppDisplayName)</td>
             <td>$($AppClientSecretsDetail.SecretName)</td>
@@ -207,6 +227,34 @@ $htmlReport = @"
                 default {"<td>$($AppClientSecretsDetail.Status)</td>"}
             } )
         </tr>
+"@
+        }
+    $htmlReport += "</table>"
+    }
+    if ("" -ne $AppCertificateDetails) { $htmlReport += @"
+        <h2>App Registration Certificates Overview</h2>
+        <table border='1'>
+            <tr>
+                <th>App DisplayName</th>
+                <th>Certificate Name</th>
+                <th>Enddate</th>
+                <th>Days Remaining</th>
+                <th>Status</th>
+            </tr>
+"@
+        foreach ($AppCertificateDetail in $AppCertificateDetails) {
+        $htmlReport += @"
+        <tr>
+            <td>$($AppCertificateDetail.AppDisplayName)</td>
+            <td>$($AppCertificateDetail.CertificateName)</td>
+            <td>$($AppCertificateDetail.Enddate)</td>
+            <td>$($AppCertificateDetail.DaysRemaining)</td>
+            $(switch ($AppCertificateDetail.Status) {
+                'ERROR' {"<td bgcolor='red'>$($AppCertificateDetail.Status)</td>"}
+                'WARNING' {"<td bgcolor='Yellow'>$($AppCertificateDetail.Status)</td>"}
+                default {"<td>$($AppCertificateDetail.Status)</td>"}
+            } )
+        </tr>
 "@
         }
     $htmlReport += "</table>"
@@ -250,5 +298,16 @@ $htmlReport = @"
             Write-Summary "Status:          $($AppClientSecretsDetail.Status)"
         }
     }
+    if ("" -ne $AppCertificateDetails) {
+        Write-Summary "App Client Secrets"
+        foreach ($AppCertificateDetail in $AppCertificateDetails) {
+            Write-Summary "******************" 
+            Write-Summary "App DisplayName: $($AppCertificateDetail.AppDisplayName)"
+            Write-Summary "Certificate Name:     $($AppCertificateDetail.CertificateName)"
+            Write-Summary "Enddate:         $($AppCertificateDetail.Enddate)"
+            Write-Summary "Days Remaining:  $($AppCertificateDetail.DaysRemaining)"
+            Write-Summary "Status:          $($AppCertificateDetail.Status)"
+        }
+    }
     Write-Summary "---------------------------"
 #endregion
\ No newline at end of file