-
Notifications
You must be signed in to change notification settings - Fork 22
/
Get-AppRegistrationExpiration.ps1
139 lines (120 loc) · 6.06 KB
/
Get-AppRegistrationExpiration.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
<#
Disclaimer
The sample scripts are not supported under any Microsoft standard support program or service.
The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation,
any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample
scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery
of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss
of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if
Microsoft has been advised of the possibility of such damages.
#>
Function _SendToLogAnalytics{
Param(
[string]$customerId,
[string]$sharedKey,
[string]$logs,
[string]$logType,
[string]$timeStampField
)
# Generate the body for the Invoke-WebRequest
$body = ([System.Text.Encoding]::UTF8.GetBytes($Logs))
$method = "POST"
$contentType = "application/json"
$resource = "/api/logs"
$rfc1123date = [DateTime]::UtcNow.ToString("r")
$contentLength = $body.Length
#Create the encoded hash to be used in the authorization signature
$xHeaders = "x-ms-date:" + $rfc1123date
$stringToHash = $method + "`n" + $contentLength + "`n" + $contentType + "`n" + $xHeaders + "`n" + $resource
$bytesToHash = [Text.Encoding]::UTF8.GetBytes($stringToHash)
$keyBytes = [Convert]::FromBase64String($sharedKey)
$sha256 = New-Object System.Security.Cryptography.HMACSHA256
$sha256.Key = $keyBytes
$calculatedHash = $sha256.ComputeHash($bytesToHash)
$encodedHash = [Convert]::ToBase64String($calculatedHash)
$authorization = 'SharedKey {0}:{1}' -f $customerId,$encodedHash
# Create the uri for the data insertion endpoint for the Log Analytics workspace
$uri = "https://" + $customerId + ".ods.opinsights.azure.us" + $resource + "?api-version=2016-04-01"
# Create the headers to be used in the Invoke-WebRequest
$headers = @{
"Authorization" = $authorization;
"Log-Type" = $logType;
"x-ms-date" = $rfc1123date;
"time-generated-field" = $timeStampField;
}
# Try to send the logs to the Log Analytics workspace
Try{
$response = Invoke-WebRequest `
-Uri $uri `
-Method $method `
-ContentType $contentType `
-Headers $headers `
-Body $body `
-UseBasicParsing `
-ErrorAction stop
}
# Catch any exceptions and write them to the output
Catch{
Write-Error "$($_.Exception)"
throw "$($_.Exception)"
}
# Return the status code of the web request response
return $response
}
#### End Function Declaration Section ##############################################################
####Connect to the O365 Tenant using AutomationCredential###########################################
Try{
$credentials = Get-AutomationPSCredential -Name "AppRegistrationMonitor" -ErrorAction Stop
} catch {
write-error "Unable to find AutomationPSCredential"
throw "Unable to find AutomationPSCredential"
}
Try {
$tenantID= Get-AutomationVariable -Name 'MonitoredTenantID'
Connect-AzAccount -ServicePrincipal -Credential $credentials -Tenant $tenantID
} catch {
write-error "$($_.Exception)"
throw "$($_.Exception)"
}
Write-output 'Gathering necessary information...'
$applications = Get-AzADApplication
$servicePrincipals = Get-AzADServicePrincipal
$timeStamp = Get-Date -format o
$appWithCredentials = @()
$appWithCredentials += $applications | Sort-Object -Property DisplayName | % {
$application = $_
$sp = $servicePrincipals | ? ApplicationId -eq $application.ApplicationId
Write-Verbose ('Fetching information for application {0}' -f $application.DisplayName)
$application | Get-AzADAppCredential -ErrorAction SilentlyContinue | Select-Object `
-Property @{Name='DisplayName'; Expression={$application.DisplayName}}, `
@{Name='ObjectId'; Expression={$application.Id}}, `
@{Name='ApplicationId'; Expression={$application.ApplicationId}}, `
@{Name='KeyId'; Expression={$_.KeyId}}, `
@{Name='Type'; Expression={$_.Type}},`
@{Name='StartDate'; Expression={$_.StartDate -as [datetime]}},`
@{Name='EndDate'; Expression={$_.EndDate -as [datetime]}}
}
Write-output 'Validating expiration data...'
$today = (Get-Date).ToUniversalTime()
$appWithCredentials | Sort-Object EndDate | % {
if($_.EndDate -lt $today) {
$days= ($_.EndDate-$Today).Days
$_ | Add-Member -MemberType NoteProperty -Name 'Status' -Value 'Expired'
$_ | Add-Member -MemberType NoteProperty -Name 'TimeStamp' -Value "$timestamp"
$_ | Add-Member -MemberType NoteProperty -Name 'DaysToExpiration' -Value $days
} else {
$days= ($_.EndDate-$Today).Days
$_ | Add-Member -MemberType NoteProperty -Name 'Status' -Value 'Valid'
$_ | Add-Member -MemberType NoteProperty -Name 'TimeStamp' -Value "$timestamp"
$_ | Add-Member -MemberType NoteProperty -Name 'DaysToExpiration' -Value $days
}
}
$audit = $appWithCredentials | convertto-json
$customerId= Get-AutomationVariable -Name 'LogAnalyticsWorkspaceID'
$sharedKey= Get-AutomationVariable -Name 'LogAnalyticsPrimaryKey'
_SendToLogAnalytics -CustomerId $customerId `
-SharedKey $sharedKey `
-Logs $Audit `
-LogType "AppRegistrationExpiration" `
-TimeStampField "TimeStamp"
Write-Output 'Done.'