Following the script from Vasil Michev that I came across:
https://www.michev.info/blog/post/5940/reporting-on-entra-id-application-registrations
When the script has run, the output will probably show that there are a number of Enterprise Apps that have no owner associated with them.
This becomes a problem when you try to identify an app's usage, and when a secret or certificate is about to expire or has already expired.
To make sure you have your owners set, I created this script.
It gets all Enterprise apps and filters out the ones without an owner. It then adds the owners you want to every app that doesn't have one.
Remember to test this out first.
```powershell
# Install the AzureAD module if it is not already installed
try {
    Import-Module AzureAD -ErrorAction Stop
} catch {
    Install-Module AzureAD -Force
    Import-Module AzureAD
}

# Connect to Azure AD
Connect-AzureAD

# Define the owners you want to add
$owner1 = "user1@domain.com"
$owner2 = "user2@domain.com"

# Resolve the two owners to object ids once, before the loop
$owner1ObjectId = (Get-AzureADUser -Filter "UserPrincipalName eq '$owner1'").ObjectId
$owner2ObjectId = (Get-AzureADUser -Filter "UserPrincipalName eq '$owner2'").ObjectId

# Retrieve all enterprise apps
$apps = Get-AzureADServicePrincipal -All $true

# Filter apps without an owner (wrap in @() so a single owner still has a Count)
$appsWithoutOwners = $apps | Where-Object {
    @(Get-AzureADServicePrincipalOwner -ObjectId $_.ObjectId -All $true).Count -eq 0
}
$appsWithoutOwners.Count

# Display the filtered apps
foreach ($app in $appsWithoutOwners) {
    Write-Host "App without owner: $($app.DisplayName)"
}

# Add the owners
foreach ($app in $appsWithoutOwners) {
    # Add the two specific owners
    Add-AzureADServicePrincipalOwner -ObjectId $app.ObjectId -RefObjectId $owner1ObjectId
    Add-AzureADServicePrincipalOwner -ObjectId $app.ObjectId -RefObjectId $owner2ObjectId
    Write-Host "Added owners to App: $($app.DisplayName)"
}

Write-Host "Process completed."
```
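The AzureAD module above is retired, so here is the same procedure as an added example (not the original post's script) on the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph.Applications and Microsoft.Graph.Users modules are installed, treats the UPNs in `$Owners` as placeholders, runs as a dry run unless `-Apply` is given, and only considers service principals backed by an app registration in your own tenant (first-party Microsoft and gallery apps never have local owners and would otherwise flood the list).

```powershell
# Added example: ownerless service principals via Microsoft Graph PowerShell.
# $Owners are hypothetical UPNs; replace them with real accounts.
param(
    [string[]]$Owners = @('user1@domain.com', 'user2@domain.com'),
    [switch]$Apply
)

# Least privilege: only request write scope when actually changing owners.
$scopes = if ($Apply) { 'Application.ReadWrite.All' } else { 'Application.Read.All' }
Connect-MgGraph -Scopes $scopes -NoWelcome

$tenantId = (Get-MgContext).TenantId

# Resolve owner UPNs to object ids once, up front; stop if any is unknown.
$ownerIds = foreach ($upn in $Owners) {
    $u = Get-MgUser -Filter "userPrincipalName eq '$upn'" -ErrorAction Stop
    if (-not $u) { throw "Owner not found: $upn" }
    $u.Id
}

# Only service principals whose app registration lives in this tenant.
$apps = Get-MgServicePrincipal -All -Property Id,DisplayName,AppOwnerOrganizationId,ServicePrincipalType |
    Where-Object { $_.ServicePrincipalType -eq 'Application' -and $_.AppOwnerOrganizationId -eq $tenantId }

# Wrap in @() so zero, one or many owners all yield a usable Count.
$orphans = $apps | Where-Object {
    @(Get-MgServicePrincipalOwner -ServicePrincipalId $_.Id -All).Count -eq 0
}
Write-Host "Service principals without an owner: $(@($orphans).Count)"

foreach ($app in $orphans) {
    if (-not $Apply) {
        Write-Host "[dry run] would add owners to $($app.DisplayName)"
        continue
    }
    foreach ($id in $ownerIds) {
        # Owners are added by reference to the user's directoryObject.
        New-MgServicePrincipalOwnerByRef -ServicePrincipalId $app.Id -BodyParameter @{
            '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$id"
        }
    }
    Write-Host "Added $($ownerIds.Count) owner(s) to $($app.DisplayName)"
}
```

Run it once without `-Apply` to review the list, then again with `-Apply` to write the owners.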