Hi everyone, I am trying to Identify stale Azure AD Enterprise Applications and App Registrations without sign-ins for the last 120 days.

Rajesh Datrika 20 Reputation points
2024-02-22T05:31:52.36+00:00

Hi everyone, I am trying to identify stale Azure AD Enterprise Applications and App Registrations without sign-ins for the last 120 days. Is it possible to export all enterprise applications to a CSV file based on their last sign-in date? I would like to export all applications where there are no sign-ins for the last 120 days. I have tried the below script, but it doesn't work.

```powershell
# Specify the path where you want to save the CSV report
$PathCsv = "C:\Temp\StaleEnterpriseApplicationsReport.csv"

# Get all service principals (enterprise applications)
$ServicePrincipalList = Get-AzureADServicePrincipal -All $true

# Filter service principals based on sign-in activity
$StaleApps = $ServicePrincipalList | Where-Object {
    # Check if LastSignInDateTime is not available or more than 120 days old
    ($_.SignInActivity -eq $null) -or
    ($_.SignInActivity.LastSignInDateTime -ne $null -and
     $_.SignInActivity.LastSignInDateTime -lt (Get-Date).AddDays(-120))
}

# Select relevant properties and export to CSV
$StaleApps |
    Select-Object DisplayName, ObjectId, ServicePrincipalType, PublisherName,
        @{ Name = "Tags"; Expression = { $_.Tags -join ';' } } |
    Export-Csv -Path $PathCsv -NoTypeInformation
```

Microsoft Entra ID

Accepted answer
Vasil Michev 103.4K Reputation points MVP
2024-02-22T07:14:20.2+00:00

Not sure where you got this script, but it looks like another AI "hallucination". There is no SignInActivity property for service principal objects; the only way to get such information is to crawl the sign-in logs, which in turn only keep data for 30 days. Alternatively, you can use the servicePrincipalSignInActivities report: https://learn.microsoft.com/en-us/graph/api/reportroot-list-serviceprincipalsigninactivities?view=graph-rest-beta&tabs=http

Here's a ready-to-use script that takes the second approach: https://www.michev.info/blog/post/5922/reporting-on-entra-id-integrated-applications-service-principals-and-their-permissions

And for application registrations, you can use: https://www.michev.info/blog/post/5940/reporting-on-entra-id-application-registrations

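An added example (not the asker's script and not the code from the linked blog posts) that implements the second approach the answer names: it reads the beta servicePrincipalSignInActivities report through the Microsoft Graph PowerShell SDK, joins it to the full service principal list so that principals with no report entry at all are also caught, and exports everything older than the threshold. Assumptions: the Microsoft.Graph module is installed, the signed-in account holds the AuditLog.Read.All and Application.Read.All permissions, and the 120-day threshold and output path are the asker's values.

```powershell
# Added example: stale enterprise applications via the beta
# servicePrincipalSignInActivities report (Microsoft Graph PowerShell SDK).
# Assumed: Microsoft.Graph module installed; AuditLog.Read.All and
# Application.Read.All granted. Threshold and path taken from the question.
$PathCsv   = "C:\Temp\StaleEnterpriseApplicationsReport.csv"
$StaleDays = 120
$Cutoff    = (Get-Date).ToUniversalTime().AddDays(-$StaleDays)

Connect-MgGraph -Scopes "AuditLog.Read.All", "Application.Read.All" -NoWelcome

# 1. Pull the whole report, following @odata.nextLink until the last page.
#    Keyed by appId because the report identifies principals by application id.
$Activity = @{}
$Uri = "https://graph.microsoft.com/beta/reports/servicePrincipalSignInActivities"
while ($Uri) {
    $Page = Invoke-MgGraphRequest -Method GET -Uri $Uri -OutputType PSObject
    foreach ($Entry in $Page.value) {
        # lastSignInActivity is the most recent across the four activity kinds
        # (delegated vs. app-only, acting as client vs. as resource).
        $Activity[$Entry.appId] = $Entry.lastSignInActivity.lastSignInDateTime
    }
    $Uri = $Page.'@odata.nextLink'
}

# 2. Walk every service principal and classify it. A principal that is absent
#    from the report has no recorded sign-in within the report's retention.
$Props = 'AppId', 'DisplayName', 'Id', 'ServicePrincipalType', 'PublisherName', 'Tags'
$Stale = foreach ($Sp in Get-MgServicePrincipal -All -Property $Props) {
    $Last = $null
    if ($Activity.ContainsKey($Sp.AppId) -and $Activity[$Sp.AppId]) {
        $Last = ([datetime]$Activity[$Sp.AppId]).ToUniversalTime()
    }
    if ($null -eq $Last -or $Last -lt $Cutoff) {
        [pscustomobject]@{
            DisplayName          = $Sp.DisplayName
            ObjectId             = $Sp.Id
            AppId                = $Sp.AppId
            ServicePrincipalType = $Sp.ServicePrincipalType
            PublisherName        = $Sp.PublisherName
            Tags                 = ($Sp.Tags -join ';')
            LastSignInDateTime   = $Last   # empty = never seen in the report
        }
    }
}

# 3. Export, oldest (and never-seen) first.
$Stale | Sort-Object LastSignInDateTime | Export-Csv -Path $PathCsv -NoTypeInformation
"Exported $(@($Stale).Count) service principals with no sign-in in $StaleDays days to $PathCsv"
```

Two points worth keeping in mind when reading the output: the report is a beta endpoint and only reflects activity since Entra began recording it, so an empty LastSignInDateTime means "not seen in the report", not necessarily "never used"; and many of the rows will be Microsoft first-party or multi-tenant service principals that are dormant by design. Treat the CSV as a review list, and check each candidate's credentials, delegated and application permissions, and owners before deciding to disable or remove it.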
