Azure Applications and App Registrations – Certificate & Secret Details


I had to write a script that monitors Application and App Registration certificates and alerts before their expiry date.

Here is the script. It returns a CSV object with the application registration name, the certificate or secret, and its expiry date. I used the returned object to monitor and alert on the certificate expiry details.


<#

Script Name: Get-ApplicationSecretandCertificateDetails.ps1

Return a collection of applications and their secret and certificate information. Feel free to use
the returned application certificate expiration details for reporting and
alerting.

Before you run this script, you have to connect to Microsoft Graph with scope
"Application.Read.All".

Connect-MgGraph -Scopes "Application.Read.All" -TenantId <tenant Id>

Usage:

Running this script:
.\Get-ApplicationSecretandCertificateDetails.ps1

returns a CSV object with the following columns/attributes:

AppName, AppId, SecretDescription, KeyId, EndDateTime

You may assign the returned CSV object to a variable for further operations:

$AppCerts = .\Get-ApplicationSecretandCertificateDetails.ps1

Written by: Anand, the Awesome
#>


# Function to get the credential information of an application using its object ID.
# Graph exposes client secrets as passwordCredentials and certificates as keyCredentials;
# both carry displayName, keyId and endDateTime, so they are returned together.
function get-appSecretInfo($appid) {
    # Make a GET request to Microsoft Graph API to get the application details by its object ID
    $out = Invoke-MgGraphRequest -Method GET "https://graph.microsoft.com/v1.0/applications?`$filter=id%20eq%20'$appid'"
    $application = $out.value[0]
    # Return the password credentials (secrets) followed by the key credentials (certificates),
    # dropping a null entry when either collection is absent
    return (@($application["passwordCredentials"]) + @($application["keyCredentials"]) |
        Where-Object { $null -ne $PSItem })
}


<#
* * * The script starts here * * *
#>
return (
    # Get all applications from Microsoft Graph (-All follows paging; without it only the first page is returned)
    Get-MgApplication -All |
    # For each application, get its credential information and select the desired properties
    ForEach-Object {
        $app = $PSItem
        # Call the function get-appSecretInfo to get the secrets and certificates of the current application
        get-appSecretInfo -appid $app.Id |
        # Select and format the properties to be displayed
        Select-Object @{
            Name="AppName";E={$app.DisplayName}
        },@{
            Name="AppId";E={$app.Id}
        },@{
            Name="SecretDescription";E={$PSItem.displayName}
        }, KeyId, EndDateTime
    }
)
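The post says the returned object is what drives monitoring and alerting. As an added example (not part of the script above), the following function takes objects with the columns the script returns and flags credentials that are already expired or expire within a threshold; the function name and the sample rows are constructed for illustration, not real tenant data.

```powershell
# Added example: classify the script's output by time to expiry.
# Assumes each object has the columns the post lists: AppName, AppId, SecretDescription, KeyId, EndDateTime.
function Get-ExpiringAppCredential {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object] $Credential,
        [int] $WarnWithinDays = 30,
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    process {
        # EndDateTime may be a string (from CSV) or a DateTime (from Graph); normalise to UTC
        $end  = ([datetime]$Credential.EndDateTime).ToUniversalTime()
        $days = [math]::Floor(($end - $Now).TotalDays)
        if ($days -lt 0) { $status = 'Expired' } elseif ($days -le $WarnWithinDays) { $status = 'ExpiringSoon' } else { $status = 'OK' }
        # Only emit rows that need attention; healthy credentials are dropped
        if ($status -ne 'OK') {
            [pscustomobject]@{
                AppName           = $Credential.AppName
                AppId             = $Credential.AppId
                SecretDescription = $Credential.SecretDescription
                KeyId             = $Credential.KeyId
                EndDateTime       = $end
                DaysRemaining     = $days
                Status            = $status
            }
        }
    }
}

# Constructed sample rows standing in for the script's output (placeholder IDs, not a real tenant)
$sample = @(
    [pscustomobject]@{ AppName='Payroll-API'; AppId='00000000-0000-0000-0000-000000000001'; SecretDescription='prod-cert';  KeyId='11111111-1111-1111-1111-111111111111'; EndDateTime=(Get-Date).AddDays(12) }
    [pscustomobject]@{ AppName='HR-Sync';     AppId='00000000-0000-0000-0000-000000000002'; SecretDescription='old-secret'; KeyId='22222222-2222-2222-2222-222222222222'; EndDateTime=(Get-Date).AddDays(-3) }
    [pscustomobject]@{ AppName='Intranet';    AppId='00000000-0000-0000-0000-000000000003'; SecretDescription='cert-2026';  KeyId='33333333-3333-3333-3333-333333333333'; EndDateTime=(Get-Date).AddDays(300) }
)

# With the real script the input would be: $AppCerts | Get-ExpiringAppCredential -WarnWithinDays 30
$sample | Get-ExpiringAppCredential -WarnWithinDays 30 | Sort-Object DaysRemaining | Format-Table -AutoSize
```

On the sample rows only Payroll-API (ExpiringSoon, 12 days) and HR-Sync (Expired, -3 days) are emitted; the resulting objects can be piped to whatever alerting channel you use.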

If it helps you, drop me a reply below.
