Overview
The PowerShell script example lists information about all Microsoft Entra application proxy applications, including the application ID (AppId), name (DisplayName), external URL (ExternalUrl), internal URL (InternalUrl), authentication type (ExternalAuthenticationType), single sign-on (SSO) mode, and other settings.
Changing the value of the $ssoMode variable filters the output by SSO mode. Other details are documented in the script.
If you don't have an Azure subscription, create a free Azure account before you begin.
Note
We recommend using the Azure Az PowerShell module to interact with Azure. To get started, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
The sample requires the Microsoft Graph Beta PowerShell module 2.10 or later.
Sample script
```powershell
# This sample script enumerates all Microsoft Entra application proxy applications with configuration details
#
# Version 1.0
#
# This script requires PowerShell 5.1 (x64) or beyond and one of the following modules:
#
# Microsoft.Graph.Beta ver 2.10 or newer
#
# Before you begin:
#
# Required Microsoft Entra role at least Application Administrator or Application Developer

$ssoMode = "All"

# Change $ssoMode to filter the output based on the configured SSO type
# All                - all Microsoft Entra application proxy apps (no filter)
# none               - Microsoft Entra application proxy apps configured with no SSO, SAML, Linked, Password
# OnPremisesKerberos - Microsoft Entra application proxy apps configured with Windows Integrated SSO (Kerberos Constrained Delegation)
# aadHeaderBased     - Microsoft Entra Native Header-based authentication
# pingHeaderBased    - Microsoft Entra Ping Header-based authentication
# oAuthToken         - Microsoft Entra OAuth-based SSO

Import-Module Microsoft.Graph.Beta.Applications

Connect-MgGraph -Scope Directory.Read.All -NoWelcome

Write-Host "Reading service principals. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"

$aadapServPrinc = Get-MgBetaServicePrincipal -Top 100000 | where-object {$_.Tags -Contains "WindowsAzureActiveDirectoryOnPremApp"}

Write-Host "Reading Microsoft Entra applications. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"

$allApps = Get-MgBetaApplication -Top 100000

Write-Host "Filtering Microsoft Entra application proxy applications. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"

$aadapApp = $null

foreach ($item in $aadapServPrinc) {
    foreach ($item2 in $allApps) {
        if ($item.AppId -eq $item2.AppId) {[array]$aadapApp += $item2}
    }
}

$numberofAadapApps, $numberofFilteredAadapApps = 0, 0

Write-Host "Displaying all Microsoft Entra application proxy applications with configuration details..." -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host "SSO mode filter: " $ssoMode -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host " "

foreach ($item in $aadapApp) {

    $aadapAppConf, $aadapAppConf1, $aadapAppConf2, $aadapAppConf3, $aadapAppConf4 = $null, $null, $null, $null, $null

    $aadapAppConf = Get-MgBetaApplication -ApplicationId $item.Id -ErrorAction SilentlyContinue -select OnPremisesPublishing | select OnPremisesPublishing -expand OnPremisesPublishing
    $aadapAppConf1 = Get-MgBetaApplication -ApplicationId $item.Id -ErrorAction SilentlyContinue -select OnPremisesPublishing | select OnPremisesPublishing -expand OnPremisesPublishing `
        | select singleSignOnSettings -expand SingleSignOnSettings
    $aadapAppConf2 = Get-MgBetaApplication -ApplicationId $item.Id -ErrorAction SilentlyContinue -select OnPremisesPublishing | select OnPremisesPublishing -expand OnPremisesPublishing `
        | select verifiedCustomDomainCertificatesMetadata -expand verifiedCustomDomainCertificatesMetadata
    $aadapAppConf3 = Get-MgBetaApplication -ApplicationId $item.Id -ErrorAction SilentlyContinue -select OnPremisesPublishing | select OnPremisesPublishing -expand OnPremisesPublishing | select OnPremisesApplicationSegments -expand OnPremisesApplicationSegments
    $aadapAppConf4 = Get-MgBetaApplication -ApplicationId $item.Id -ErrorAction SilentlyContinue -select OnPremisesPublishing | select OnPremisesPublishing -expand OnPremisesPublishing `
        | select singleSignOnSettings -expand SingleSignOnSettings | select KerberosSignOnSettings -expand KerberosSignOnSettings

    if ($aadapAppConf -ne $null) {

        if ($ssoMode -eq "All" -Or $aadapAppConf1.SingleSignOnSettings.SingleSignOnMode -eq $ssoMode) {

            Write-Host $Item.DisplayName " (AppId: " $item.AppId " / ObjectId: " $item.Id ")" -BackgroundColor "Black" -ForegroundColor "White"
            Write-Host " "
            Write-Host "External Url: " $aadapAppConf.ExternalUrl
            Write-Host "Internal Url: " $aadapAppConf.InternalUrl
            Write-Host "Pre authentication type: " $aadapAppConf.ExternalAuthenticationType
            Write-Host " "
            Write-Host "SSO mode: " $aadapAppConf1.SingleSignOnSettings.SingleSignOnMode

            If ($aadapAppConf1.SingleSignOnMode -eq "OnPremisesKerberos") {
                Write-Host "Service Principal Name (SPN): " $aadapAppConf4.KerberosServicePrincipalName
                Write-Host "Username Mapping Attribute: " $aadapAppConf4.KerberosSignOnMappingAttributeType
            }

            Write-Host " "
            Write-Host "Backend Application Timeout: " $aadapAppConf.ApplicationServerTimeout
            Write-Host "Translate URLs in Headers: " $aadapAppConf.IsTranslateHostHeaderEnabled
            Write-Host "Translate URLs in Application Body: " $aadapAppConf.IsTranslateLinksInBodyEnabled
            Write-Host "Use HTTP-Only Cookie: " $aadapAppConf.IsHttpOnlyCookieEnabled
            Write-Host "Use Secure Cookie: " $aadapAppConf.IsSecureCookieEnabled
            Write-Host "Use Persistent Cookie: " $aadapAppConf.IsPersistentCookieEnabled
            Write-Host "Backend Certification Validation: " $aadapAppConf.IsBackendCertificateValidationEnabled

            If ($aadapAppConf3.Count -gt 0) { Write-Host "Complex App."}

            If ($aadapAppConf2.VerifiedCustomDomainCertificatesMetadata.Thumbprint.Length -ne 0) {
                Write-Host " "
                Write-Host "SSL Certificate details:"
                Write-Host "Certificate SubjectName: " $aadapAppConf2.VerifiedCustomDomainCertificatesMetadata.SubjectName
                Write-Host "Certificate Issuer: " $aadapAppConf2.VerifiedCustomDomainCertificatesMetadata.Issuer
                Write-Host "Certificate Thumbprint: " $aadapAppConf2.VerifiedCustomDomainCertificatesMetadata.Thumbprint
                Write-Host "Valid from: " $aadapAppConf2.VerifiedCustomDomainCertificatesMetadata.IssueDate
                Write-Host "Valid to: " $aadapAppConf2.VerifiedCustomDomainCertificatesMetadata.ExpiryDate
            }

            $numberofFilteredAadapApps = $numberofFilteredAadapApps + 1
            Write-Host
        }

        $numberofAadapApps = $numberofAadapApps + 1
    }
}

Write-Host "Number of the Microsoft Entra application proxy Applications: " $numberofAadapApps
Write-Host "Number of the filtered Microsoft Entra application proxy Applications: " $numberofFilteredAadapApps
Write-Host
Write-Host "Finished." -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host "To disconnect from Microsoft Graph, please use the Disconnect-MgGraph cmdlet."
```
Script explanation
| Command | Notes |
|---|---|
| Connect-MgGraph | Connects to Microsoft Graph |
| Get-MgBetaServicePrincipal | Gets a service principal |
| Get-MgBetaApplication | Gets an enterprise application |
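
The inventory above becomes more useful for a security review when the listed settings are checked rather than only printed. The following added example (not part of the original sample or Microsoft's code) evaluates the same OnPremisesPublishing properties and reports settings worth reviewing. The function name Test-AppProxyPublishing, its parameters, the 30-day threshold and the sample records are hypothetical and constructed; it assumes ExpiryDate is returned as a date value and that `passthru` is the ExternalAuthenticationType value for passthrough.

```powershell
# Added example. Test-AppProxyPublishing and the sample data are hypothetical.
function Test-AppProxyPublishing {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] $Publishing,   # OnPremisesPublishing object ($aadapAppConf in the script)
        [int] $CertWarningDays = 30,          # assumed review threshold
        [datetime] $Now = (Get-Date)
    )
    $findings = @()
    # Passthrough publishes the backend without Microsoft Entra pre-authentication
    if ($Publishing.ExternalAuthenticationType -eq 'passthru') {
        $findings += 'No pre-authentication (passthrough)'
    }
    # Backend certificate validation only matters for HTTPS internal URLs
    if ($Publishing.InternalUrl -like 'https://*' -and -not $Publishing.IsBackendCertificateValidationEnabled) {
        $findings += 'Backend certificate validation disabled'
    }
    if (-not $Publishing.IsSecureCookieEnabled)   { $findings += 'Secure cookie disabled' }
    if (-not $Publishing.IsHttpOnlyCookieEnabled) { $findings += 'HTTP-only cookie disabled' }
    # Custom-domain certificate close to (or past) expiry
    $cert = $Publishing.VerifiedCustomDomainCertificatesMetadata
    if ($cert -and $cert.ExpiryDate) {
        $daysLeft = [math]::Floor(($cert.ExpiryDate - $Now).TotalDays)
        if ($daysLeft -lt $CertWarningDays) { $findings += "Certificate expires in $daysLeft day(s)" }
    }
    # One output row per finding; an app with no findings emits nothing
    foreach ($f in $findings) { [pscustomobject]@{ Application = $DisplayName; Finding = $f } }
}

# Constructed sample records mirroring the properties the script prints
$now = [datetime]'2025-01-01'
$samples = @(
    [pscustomobject]@{ Name = 'HR portal'; Pub = [pscustomobject]@{
        ExternalAuthenticationType = 'aadPreAuthentication'; InternalUrl = 'https://hr.contoso.example/'
        IsBackendCertificateValidationEnabled = $true; IsSecureCookieEnabled = $true
        IsHttpOnlyCookieEnabled = $true
        VerifiedCustomDomainCertificatesMetadata = [pscustomobject]@{ ExpiryDate = [datetime]'2025-01-15' } } }
    [pscustomobject]@{ Name = 'Legacy wiki'; Pub = [pscustomobject]@{
        ExternalAuthenticationType = 'passthru'; InternalUrl = 'https://wiki.contoso.example/'
        IsBackendCertificateValidationEnabled = $false; IsSecureCookieEnabled = $false
        IsHttpOnlyCookieEnabled = $true; VerifiedCustomDomainCertificatesMetadata = $null } }
)
$samples | ForEach-Object { Test-AppProxyPublishing -DisplayName $_.Name -Publishing $_.Pub -Now $now } |
    Format-Table -AutoSize
```

Against a live tenant, the same function can be called inside the sample script's loop with `-DisplayName $item.DisplayName -Publishing $aadapAppConf`.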