How to Identify stale Azure AD Enterprise Applications and App Registrations

Son 316 Reputation points
2023-04-03T07:12:29.2733333+00:00

Hi,

I am looking to report on Enterprise Applications that have had no sign ins for the past 30/60 days using automation such as PowerShell scripting.

I have found the usage and insights preview feature in Azure AD but I don't think this is delivering what I need; it only appears to show applications that have had a successful or failed sign-in. I want to know what applications are completely stale.

Assuming there are some MS Graph cmdlets for this or some KQL that can be run to pull back what I need, I was hoping there was something out there already I could use!

Thanks

Microsoft Security | Microsoft Graph

2 answers

  1. Susheel Bhatt 346 Reputation points
    2023-04-03T07:39:41.14+00:00

    Here is a sample PowerShell script to retrieve the list of Enterprise Applications that have had no sign-ins for the past 30/60 days. This sample PowerShell script uses the Azure AD PowerShell module:

    
    # Connect to Azure AD
    Connect-AzureAD
    
    # Set the number of days to check for stale applications
    $staleDays = 30
    
    # Get the list of enterprise applications
    $apps = Get-AzureADServicePrincipal -All $true
    
    # Filter out the applications that have had a sign-in within the last $staleDays days.
    # Get-AzureADAuditSignInLogs takes an OData -Filter (there is no -ObjectId parameter) and
    # returns the newest sign-in first, so -Top 1 is the most recent sign-in for this app.
    $staleApps = $apps | Where-Object { 
        (Get-AzureADAuditSignInLogs -Filter "appId eq '$($_.AppId)'" -Top 1).createdDateTime -lt (Get-Date).AddDays(-$staleDays) 
    }
    
    # Display the list of stale applications
    $staleApps | Select-Object DisplayName, AppId
    
    

    You can adjust the $staleDays variable to set the number of days that you want to check for stale applications. You can also modify the Select-Object statement to display additional properties if needed.

    1 person found this answer helpful.

  2. de Rolf groep 11 Reputation points
    2025-05-28T09:10:59.41+00:00

    As others have stated, the command does not have an argument "ObjectID". This should be managed using a filter.

    Also, the script calculates the date for each app.

    Thirdly, all Microsoft Apps are also checked.

    I use a modified script (still tweaking it so it might not be perfect):

    # Connect to Azure AD 
    Connect-AzureAD 
    
    # Set the number of days to check for stale applications
    $staleDays = 30
    # Calculate the cut-off date once instead of once per app
    $DropOffDate = (Get-Date).AddDays(-$staleDays)
    
    # Get the list of enterprise applications
    $apps=Get-AzureADServicePrincipal -all $true | where {(-not [string]::IsNullOrEmpty($_.AppDisplayName)) -and $_.PublisherName -ne "Microsoft Services" -and $_.AccountEnabled -eq $true}
    
    # Filter out the applications that have had a sign-in within the last $staleDays days.
    # The newest sign-in is returned first, so -Top 1 is the latest one; an app with no
    # sign-in rows at all is also stale.
    $staleApps = $apps | Where-Object {
          $last = Get-AzureADAuditSignInLogs -Filter "appId eq '$($_.AppId)'" -Top 1
          (-not $last) -or ([datetime]$last.CreatedDateTime -lt $DropOffDate)
    }
    # Display the list of stale applications
    $staleApps | Select-Object AppDisplayName, AppId
    
    
    1 person found this answer helpful.
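Both answers above build on the Azure AD PowerShell module and compare the date of whichever sign-in row comes back first. The following is an added example, not code from either answer, that does the same stale-app report with the Microsoft Graph PowerShell SDK and asks a different question per app: "is there at least one sign-in of any kind since the cut-off?" That wording handles the app-with-no-sign-ins case correctly and, because it queries the beta `auditLogs/signIns` endpoint with the `signInEventTypes` filter, it also counts non-interactive, service principal and managed identity sign-ins, which the default (interactive-only) result would miss. Assumptions: the `Microsoft.Graph.Authentication` and `Microsoft.Graph.Applications` modules are installed, the signed-in account has `Application.Read.All` and `AuditLog.Read.All`, and the `Test-AppIsStale` function name, `$StaleDays` parameter and the `PublisherName -ne 'Microsoft Services'` exclusion (reused from the answer above) are this example's own choices.

```powershell
# Added example (not from the original answers): stale Enterprise Application report
# using the Microsoft Graph PowerShell SDK instead of the retired Azure AD module.
# Assumed prerequisites: Microsoft.Graph.Authentication and Microsoft.Graph.Applications
# modules; the caller holds Application.Read.All and AuditLog.Read.All.
param(
    [int]$StaleDays = 30
)

Connect-MgGraph -Scopes "Application.Read.All", "AuditLog.Read.All" -NoWelcome

# Compute the cut-off once, in UTC, in the round-trip ISO 8601 form Graph $filter accepts.
$cutoffIso = (Get-Date).ToUniversalTime().AddDays(-$StaleDays).ToString("o")

# Sign-in categories of the beta signIns report. Without a signInEventTypes filter the
# endpoint returns interactive user sign-ins only, so a daemon app that authenticates
# with client credentials every hour would wrongly look stale.
$eventTypes = @('interactiveUser', 'nonInteractiveUser', 'servicePrincipal', 'managedIdentity')

function Test-AppIsStale {
    param(
        [Parameter(Mandatory)] [string] $AppId,
        [Parameter(Mandatory)] [string] $CutoffIso
    )
    # Ask "is there at least one sign-in since the cut-off?" rather than comparing the
    # date of the first row returned. An app with no rows at all is then reported as stale,
    # which a bare `.createdDateTime -lt $date` comparison does not reliably do.
    foreach ($type in $eventTypes) {
        $filter = "appId eq '$AppId' and createdDateTime ge $CutoffIso and signInEventTypes/any(t: t eq '$type')"
        $uri = "https://graph.microsoft.com/beta/auditLogs/signIns?`$filter=$([uri]::EscapeDataString($filter))&`$top=1"
        $resp = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
        if (@($resp.value).Count -gt 0) { return $false }   # one hit of any kind means "in use"
    }
    return $true
}

# Enabled service principals only; skip Microsoft first-party apps (same PublisherName
# test as the answer above) and entries without an app display name.
$sps = Get-MgServicePrincipal -All -Property "id", "appId", "appDisplayName", "displayName", "accountEnabled", "publisherName" |
    Where-Object {
        $_.AccountEnabled -and
        -not [string]::IsNullOrEmpty($_.AppDisplayName) -and
        $_.PublisherName -ne 'Microsoft Services'
    }

$staleApps = foreach ($sp in $sps) {
    if (Test-AppIsStale -AppId $sp.AppId -CutoffIso $cutoffIso) {
        [pscustomobject]@{
            DisplayName        = $sp.DisplayName
            AppId              = $sp.AppId
            ServicePrincipalId = $sp.Id
        }
    }
}

# Display the stale applications; pipe to Export-Csv instead for a scheduled report.
$staleApps | Sort-Object DisplayName | Format-Table -AutoSize
```

One caveat that applies to every variant on this page: the Entra ID sign-in logs themselves are retained for 30 days on P1/P2 (7 days without a premium licence), so a 60-day window cannot be answered from `auditLogs/signIns` alone. For a longer look-back, export the sign-in categories to a Log Analytics workspace via diagnostic settings and run the KQL side of the original question against `SigninLogs`, `AADNonInteractiveUserSignInLogs`, `AADServicePrincipalSignInLogs` and `AADManagedIdentitySignInLogs`. Because each app costs up to four small requests here, a large tenant will hit Graph throttling; the SDK retries on 429 by default, but a `Start-Sleep` between apps keeps a nightly job well under the limits.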
