获取具有令牌生存期策略的所有应用程序代理应用

概述

PowerShell 脚本示例列出了目录中具有令牌生存期策略的所有Microsoft Entra应用程序代理应用程序,并列出有关策略的详细信息。

如果没有 Azure 订阅,请在开始前创建 Azure 试用版

注释

建议使用 Azure Az PowerShell 模块与Azure交互。 请参阅 Install Azure PowerShell 入门。 若要了解如何迁移到 Az PowerShell 模块,请参阅 Migrate Azure PowerShell从 AzureRM 迁移到 Az

此示例需要 Microsoft Graph Beta PowerShell 模块 2.10 或更高版本。

示例脚本

# This sample script gets all Microsoft Entra proxy applications that have assigned an Azure AD policy (token lifetime) with policy details.
# Reference:
# Configurable token lifetimes in Microsoft Entra ID
# https://docs.azure.cn/en-us/entra/identity-platform/configurable-token-lifetimes
#
# Version 1.0
#
# This script requires PowerShell 5.1 (x64) or beyond and one of the following modules:
#
# Microsoft.Graph.Beta ver 2.10 or newer
#
# Before you begin:
#    
#    Required Microsoft Entra role at least Application Administrator
#    or appropriate custom permissions as documented https://docs.azure.cn/en-us/entra/identity/role-based-access-control/custom-enterprise-app-permissions
#
# 

Import-Module Microsoft.Graph.Beta.Applications

Connect-MgGraph -Environment China -ClientId 'YOUR_CLIENT_ID' -TenantId 'YOUR_TENANT_ID' -Scope Directory.Read.All -NoWelcome

Write-Host "Reading service principals. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green" 

$aadapServPrinc = Get-MgBetaServicePrincipal -Top 100000 | where-object {$_.Tags -Contains "WindowsAzureActiveDirectoryOnPremApp"}

Write-Host "Reading Microsoft Entra applications. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"

$allApps = Get-MgBetaApplication -Top 100000

Write-Host "Reading application. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"

$aadapApp = $null

foreach ($item in $aadapServPrinc) {
   foreach ($item2 in $allApps) {
    
     if ($item.AppId -eq $item2.AppId) {[array]$aadapApp += $item2}

    }
}

foreach ($item in $aadapApp)
 {
  
  $Policies = $Null
  $Policies = Get-MgBetaApplicationTokenLifetimePolicy -ApplicationId $item.Id 
  
  if ($Policies -ne $Null) {

  Write-Host ("")        
 
  Write-Host $item.DisplayName + " (AppId: " + $item.AppId + ")"  -BackgroundColor "Black" -ForegroundColor "White" 
 
  Write-Host ("") 
  Write-Host ("Assigned policy:") 
  Write-Host ("") 

  Write-Host ("Policy Id:    " + $Policies.Id)
  Write-Host ("DisplayName:  " + $Policies.DisplayName)
  Write-Host ("Definition:   " + $Policies.Definition)
  Write-Host ("Org. default: " + $Policies.IsOrganizationDefault)
  Write-Host ("") 

  }
          
 }   

Write-Host ("")
Write-Host ("Finished.") -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host "To disconnect from Microsoft Graph, please use the Disconnect-MgGraph cmdlet."

脚本说明

Command 注释
Connect-MgGraph 连接到Microsoft Graph
Get-MgBetaServicePrincipal 获取服务主体
Get-MgBetaApplication 获取企业应用程序
Get-MgBetaApplicationTokenLifetimePolicy 列出分配给应用程序或服务主体的策略

后续步骤

  • Last updated on