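Get all application proxy apps with a token lifetime policy
This PowerShell script example lists all Microsoft Entra application proxy applications in your directory that have a token lifetime policy assigned, along with the details of that policy.
If you don't have an Azure subscription, create an Azure free account before you begin.
Note
We recommend that you use the Azure Az PowerShell module to interact with Azure. See Install Azure PowerShell to get started. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
This sample requires the Microsoft Graph Beta PowerShell module 2.10 or later.
Sample script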
# This sample script gets all Microsoft Entra application proxy applications that have an Azure AD policy (token lifetime) assigned, with policy details.
# Reference:
# Configurable token lifetimes in Azure Active Directory (Preview)
# https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes
#
# Version 1.0
#
# This script requires PowerShell 5.1 (x64) or beyond and one of the following modules:
#
# Microsoft.Graph.Beta ver 2.10 or newer
#
# Before you begin:
#
# Required Microsoft Entra role: Global Administrator or Application Administrator
# or appropriate custom permissions as documented https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-enterprise-app-permissions
#
#
Import-Module Microsoft.Graph.Beta.Applications
Connect-MgGraph -Scope Directory.Read.All -NoWelcome
Write-Host "Reading service principals. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$aadapServPrinc = Get-MgBetaServicePrincipal -Top 100000 | Where-Object { $_.Tags -contains "WindowsAzureActiveDirectoryOnPremApp" }
Write-Host "Reading Microsoft Entra applications. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$allApps = Get-MgBetaApplication -Top 100000
Write-Host "Reading application. This operation might take longer..." -BackgroundColor "Black" -ForegroundColor "Green"
$aadapApp = $null
foreach ($item in $aadapServPrinc) {
    foreach ($item2 in $allApps) {
        # Keep only the application objects that back an application proxy service principal
        if ($item.AppId -eq $item2.AppId) { [array]$aadapApp += $item2 }
    }
}

foreach ($item in $aadapApp) {
    $Policies = $null
    $Policies = Get-MgBetaApplicationTokenLifetimePolicy -ApplicationId $item.Id

    # $null on the left keeps this a scalar test even if several policies are returned
    if ($null -ne $Policies) {
        Write-Host ("")
        # Parentheses make Write-Host print one concatenated string rather than separate "+" tokens
        Write-Host ($item.DisplayName + " (AppId: " + $item.AppId + ")") -BackgroundColor "Black" -ForegroundColor "White"
        Write-Host ("")
        Write-Host ("Assigned policy:")
        Write-Host ("")
        Write-Host ("Policy Id: " + $Policies.Id)
        Write-Host ("DisplayName: " + $Policies.DisplayName)
        Write-Host ("Definition: " + $Policies.Definition)
        Write-Host ("Org. default: " + $Policies.IsOrganizationDefault)
        Write-Host ("")
    }
}
Write-Host ("")
Write-Host ("Finished.") -BackgroundColor "Black" -ForegroundColor "Green"
Write-Host "To disconnect from Microsoft Graph, please use the Disconnect-MgGraph cmdlet."
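Script explanation
Command | Description |
---|---|
Connect-MgGraph | Connects to Microsoft Graph |
Get-MgBetaServicePrincipal | Gets a service principal |
Get-MgBetaApplication | Gets enterprise applications |
Get-MgBetaApplicationTokenLifetimePolicy | Lists the policies assigned to an application or service principal |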
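
The sample script prints each policy's Definition as a raw JSON string. The following added example (not part of the original sample) parses that string and flags access token lifetimes above a review threshold. The function name `Get-TokenLifetimeFinding`, the 1-hour threshold, and the sample definitions are assumptions made for illustration.

```powershell
# Added example: evaluate the Definition string(s) of a token lifetime policy.
# Get-TokenLifetimeFinding is a hypothetical helper, not a Microsoft Graph cmdlet.
function Get-TokenLifetimeFinding {
    param(
        [Parameter(Mandatory)] [string]   $AppName,
        [Parameter(Mandatory)] [string[]] $Definition,
        # Assumed review threshold; set it to whatever your organization accepts
        [timespan] $Threshold = [timespan]::FromHours(1)
    )
    foreach ($json in $Definition) {
        $raw      = $null
        $lifetime = [timespan]::Zero
        try {
            # Each definition is a JSON document with a TokenLifetimePolicy object
            $raw = ($json | ConvertFrom-Json -ErrorAction Stop).TokenLifetimePolicy.AccessTokenLifetime
            $finding = if (-not $raw) { 'AccessTokenLifetime not set' }
                       elseif (-not [timespan]::TryParse([string]$raw, [ref]$lifetime)) { 'Unrecognized lifetime format' }
                       elseif ($lifetime -gt $Threshold) { 'Exceeds review threshold' }
                       else { 'Within review threshold' }
        } catch {
            $finding = 'Definition could not be parsed'
        }
        [pscustomobject]@{
            App                 = $AppName
            AccessTokenLifetime = $raw
            Finding             = $finding
        }
    }
}

# Constructed sample data so the example runs offline (not real tenant output)
$samples = @(
    @{ AppName = 'Intranet portal (constructed)'
       Definition = '{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"08:00:00"}}' }
    @{ AppName = 'HR app (constructed)'
       Definition = '{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:30:00"}}' }
    @{ AppName = 'Legacy app (constructed)'
       Definition = '{"TokenLifetimePolicy":{"Version":1}}' }
    @{ AppName = 'Broken policy (constructed)'
       Definition = 'not-json' }
)

foreach ($s in $samples) { Get-TokenLifetimeFinding @s } | Format-Table -AutoSize
```

Inside the sample script's loop, the same function can be called as `Get-TokenLifetimeFinding -AppName $item.DisplayName -Definition $Policies.Definition` to report on live policies.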