Service Principal - find detailed information

Komoroske, Gina 371 Reputation points
2020-01-24T15:15:52.407+00:00

Hello,
We have discovered a service principal was created and granted Global Admin rights in our Azure AD. No one seems to know what this account is used for and why it has GA rights.

How can I find out the details of this account, such as, when was it created, who created it, what it's tied to (apps??), is it even being used anywhere, etc?

I've done a CLI command (az ad sp show --id) and I only get this info below. The only thing that gives me any inclination at all is the password credentials section and it appears it has expired? Any insight is appreciated!

az ad sp show --id NUMBER
{
  "accountEnabled": "True",
  "addIns": [],
  "alternativeNames": [],
  "appDisplayName": null,
  "appId": "NUMBER",
  "appOwnerTenantId": null,
  "appRoleAssignmentRequired": false,
  "appRoles": [],
  "applicationTemplateId": null,
  "deletionTimestamp": null,
  "displayName": "NAME",
  "errorUrl": null,
  "homepage": null,
  "informationalUrls": null,
  "keyCredentials": [],
  "logoutUrl": null,
  "notificationEmailAddresses": [],
  "oauth2Permissions": [],
  "objectId": "NUMBER",
  "objectType": "ServicePrincipal",
  "odata.metadata": "https://graph.windows.net/NUMBER/$metadata#directoryObjects/@Element",
  "odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
  "passwordCredentials": [
    {
      "additionalProperties": null,
      "customKeyIdentifier": null,
      "endDate": "2015-12-30T17:50:06.145771+00:00",
      "keyId": "NUMBER",
      "startDate": "2014-12-30T17:50:06.145771+00:00",
      "value": null
    }
  ],
  "preferredSingleSignOnMode": null,
  "preferredTokenSigningKeyEndDateTime": null,
  "preferredTokenSigningKeyThumbprint": null,
  "publisherName": null,
  "replyUrls": [],
  "samlMetadataUrl": null,
  "samlSingleSignOnSettings": null,
  "servicePrincipalNames": [
    "NUMBER",
    "NAME"
  ],
  "servicePrincipalType": "Legacy",
  "signInAudience": null,
  "tags": [],
  "tokenEncryptionKeyId": null
}

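An added example, not part of the original post or its answer: a Python sketch that reads the JSON `az ad sp show` returns and labels each password or key credential by its validity window, the check the asker made by eye on `endDate`. The helper names `triage` and `_parse` and the trimmed sample are assumptions constructed from the output in the question.

```python
import json
from datetime import datetime, timezone

# Constructed sample: credential-related fields copied from the output above,
# with the post's NAME/NUMBER placeholders left as they are.
SAMPLE = """{
  "accountEnabled": "True",
  "displayName": "NAME",
  "keyCredentials": [],
  "passwordCredentials": [
    {"endDate": "2015-12-30T17:50:06.145771+00:00", "keyId": "NUMBER",
     "startDate": "2014-12-30T17:50:06.145771+00:00", "value": null}
  ],
  "servicePrincipalType": "Legacy"
}"""

def _parse(ts):
    """Parse an ISO 8601 timestamp; treat a missing offset as UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def triage(sp, now=None):
    """Hypothetical helper: label each credential by its validity window."""
    now = now or datetime.now(timezone.utc)
    creds = []
    for kind in ("passwordCredentials", "keyCredentials"):
        for cred in sp.get(kind) or []:
            start, end = _parse(cred["startDate"]), _parse(cred["endDate"])
            if now < start:
                state = "not-yet-valid"
            elif now >= end:
                state = "expired"
            else:
                state = "active"
            creds.append({"kind": kind, "keyId": cred.get("keyId"),
                          "endDate": cred["endDate"], "state": state})
    return {
        "displayName": sp.get("displayName"),
        # The CLI output above reports this flag as the string "True".
        "enabled": str(sp.get("accountEnabled")).lower() == "true",
        "type": sp.get("servicePrincipalType"),
        "credentials": creds,
        "has_usable_credential": any(c["state"] == "active" for c in creds),
    }

if __name__ == "__main__":
    print(json.dumps(triage(json.loads(SAMPLE)), indent=2))
```

An expired credential only shows that the principal cannot authenticate with that secret today; who created it and whether it has signed in have to come from the directory's audit and sign-in logs.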

1 answer

  1. Vasil Michev 92,596 Reputation points MVP
    2020-01-24T16:51:44.283+00:00