List App Principal Expiry in SharePoint Online

In a recent scenario with a client, we started to notice that some apps created over a year ago had started to expire. After investigating, we found the cause: the default lifetime of a Client ID and Secret is 1 year. Yikes!

Once this has expired, your apps will stop working! It is worth knowing when these principals expire, so we have extracted from the Microsoft articles the PowerShell used to list when these apps could expire.

Prerequisites before running the script

  • Microsoft Online Services Sign-In Assistant is installed on the development computer.
  • Microsoft Online Services PowerShell Module (32-bit; 64-bit) is installed on the development computer.
  • You need to be a tenant administrator for the Office 365 tenant where the add-in was registered.

Code

The code for listing apps and their expiry is fairly straightforward and much of it is provided on MSDN. We have made a few tweaks to output to CSV, for tenants with a large number of apps.


# Connect to the Office 365 tenant (Azure AD) with the MSOnline module; prompts for tenant administrator credentials
Connect-MsolService

# File containing details of the app expiry status
$outputFile = (Resolve-Path .\).Path + "\ListOfApps.csv"

# Collect the app principals from the tenancy, skipping Microsoft, autohosted and localhost entries
# -All returns every principal instead of stopping at the default result limit
$listOfApps = Get-MsolServicePrincipal -All | Where-Object -FilterScript { ($_.DisplayName -notlike "*Microsoft*") -and ($_.DisplayName -notlike "autohost*") -and ($_.ServicePrincipalNames -notlike "*localhost*") }

# Array of the app details
$appDetails = @()

foreach ($app in $listOfApps) {
    $principalId = $app.AppPrincipalId
    $principalName = $app.DisplayName

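    # Collect the credentials registered for the app
    # -ReturnKeyValues $true requests the key values as well, so treat ListOfApps.csv as sensitive;
    # pass $false if only the expiry dates are needed
    Get-MsolServicePrincipalCredential -AppPrincipalId $principalId -ReturnKeyValues $true | Where-Object { ($_.Type -ne "Other") -and ($_.Type -ne "Asymmetric") } | ForEach-Object {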
        $date = $_.EndDate.ToShortDateString()

        $appDetail = New-Object PSObject
        $appDetail | Add-Member -MemberType NoteProperty -Name "PrincipalName" -Value "$($principalName)"
        $appDetail | Add-Member -MemberType NoteProperty -Name "PrincipalId" -Value "$($principalId)"
        $appDetail | Add-Member -MemberType NoteProperty -Name "Key" -Value "$($_.KeyId)"
        $appDetail | Add-Member -MemberType NoteProperty -Name "Type" -Value "$($_.type)"
        $appDetail | Add-Member -MemberType NoteProperty -Name "ExpiryDate" -Value "$($date)"
        $appDetail | Add-Member -MemberType NoteProperty -Name "Usage" -Value "$($_.Usage)"
        $appDetail | Add-Member -MemberType NoteProperty -Name "Value" -Value "$($_.Value)"

        $appDetails += $appDetail

        $appDetail
    }
} 

$appDetails | Export-Csv -Path $outputFile -NoTypeInformation

Write-Host "File created: " $outputFile

Full source code can be found on GitHub at: SharePoint-PowerShell / List App Principles / ListAppPrinciples.ps1
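
To act on the exported dates, the added example below (not from the original post or the linked GitHub script) groups rows shaped like ListOfApps.csv per app and reports on the latest expiry, since one app can hold several credentials with different end dates. The function name, the 60-day warning window, the column names PrincipalId and PrincipalName, and the sample rows are all assumptions.

```powershell
# Added example: report the latest credential expiry per app principal.
function Get-AppSecretExpiryStatus {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [int]      $WarnDays   = 60,               # assumed warning window
        [string]   $IdColumn   = 'PrincipalId',    # assumed CSV header
        [string]   $NameColumn = 'PrincipalName',  # assumed CSV header
        [datetime] $Now        = (Get-Date)
    )
    # ExpiryDate was written with ToShortDateString(), so it must be parsed with
    # the culture of the machine that produced the CSV (assumed: the current one).
    $culture = [System.Globalization.CultureInfo]::CurrentCulture

    $Rows | Group-Object -Property $IdColumn | ForEach-Object {
        $group = $_
        # An app is only in trouble when its newest credential is (nearly) expired.
        $latest = $group.Group |
            ForEach-Object { [datetime]::Parse($_.ExpiryDate, $culture) } |
            Sort-Object -Descending | Select-Object -First 1
        $daysLeft = [int][math]::Floor(($latest - $Now.Date).TotalDays)
        $status = if ($daysLeft -lt 0) { 'Expired' } elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' } else { 'OK' }

        [pscustomobject]@{
            Name         = $group.Group[0].$NameColumn
            Id           = $group.Name
            Credentials  = $group.Count
            LatestExpiry = $latest.ToString('yyyy-MM-dd')
            DaysLeft     = $daysLeft
            Status       = $status
        }
    }
}

# Constructed sample rows (no real tenant data), shaped like ListOfApps.csv.
# For a real run use: $rows = Import-Csv .\ListOfApps.csv
$today = (Get-Date).Date
$rows = @(
    [pscustomobject]@{ PrincipalName = 'Rotated add-in';   PrincipalId = 'sample-id-a'; ExpiryDate = $today.AddDays(-30).ToShortDateString() }
    [pscustomobject]@{ PrincipalName = 'Rotated add-in';   PrincipalId = 'sample-id-a'; ExpiryDate = $today.AddDays(700).ToShortDateString() }
    [pscustomobject]@{ PrincipalName = 'Forgotten add-in'; PrincipalId = 'sample-id-b'; ExpiryDate = $today.AddDays(-5).ToShortDateString() }
    [pscustomobject]@{ PrincipalName = 'Due add-in';       PrincipalId = 'sample-id-c'; ExpiryDate = $today.AddDays(20).ToShortDateString() }
)

Get-AppSecretExpiryStatus -Rows $rows | Sort-Object DaysLeft | Format-Table -AutoSize
```

If the CSV was produced with different headers, pass them with -IdColumn and -NameColumn.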

Replacing the Client Secret

For full details on replacing the secret, see this article on MSDN. With this process you can increase the expiry date up to 3 years.
