Forum Discussion

lfk73's avatar
lfk73
Brass Contributor
Nov 17, 2024

Unused Enterprise applications

I inherited an Azure\Entra AD domain with a crazy number of Enterprise applications configured.  Some going back 5, 6 or more years.   Practically all of them are configured to not require user ass...
azure
Enterprise Applications
Kidd_Ip's avatar
Kidd_Ip
MVP
Nov 19, 2024

Try the below PS:

 

# Connect to Azure AD

Connect-AzureAD

 

# Set the number of days to check for stale applications

$staleDays = 30

 

# Get the list of enterprise applications

$apps = Get-AzureADServicePrincipal -All $true

 

# Filter out the applications that have had a sign-in within the last $staleDays days

$staleApps = $apps | Where-Object {

(Get-AzureADAuditSignInLogs -ObjectId $_.ObjectId -All $true -Top 1).createdDateTime -lt (Get-Date).AddDays(-$staleDays) 

 

# Display the list of stale applications

$staleApps | Select-Object DisplayName, AppId

  • lfk73's avatar
    lfk73
    Brass Contributor
    Nov 24, 2024

    Tried it get:

     

    Get-AzureADAuditSignInLogs : The term 'Get-AzureADAuditSignInLogs' is not recognized as the name of a cmdlet, function, script file, or operable program

     

    Googled it, tried everything.  Nothing works.  

Resources