Skip to main content

SYNOPSIS

Retrieves all Microsoft Entra ID applications and their credentials (key and password).

SYNTAX

All (Default)

ByObjectId

ByDisplayName

DESCRIPTION

This function returns a list of all Microsoft Entra ID applications with their credentials information, including key credentials and password credentials, along with their validity status. The function also retrieves the owners of each application.

EXAMPLES

EXAMPLE 1

Retrieves all Microsoft Entra ID applications and their credentials.

EXAMPLE 2

Forces sequential processing even on PowerShell 7+ (useful for debugging or to avoid concurrent Graph calls).

EXAMPLE 3

Retrieves the credentials for a specific application by its ObjectID.

EXAMPLE 4

Retrieves the credentials for a specific application by its DisplayName.

EXAMPLE 5

Retrieves the credentials for all applications whose DisplayName starts with “Azure”.

EXAMPLE 6

Retrieves the credentials for all applications whose DisplayName contains “Portal”.

EXAMPLE 7

Forces the function to disconnect and reconnect to Microsoft Graph to obtain a new access token.

EXAMPLE 8

Gets all application credentials and exports them to an Excel file.

EXAMPLE 9

EXAMPLE 10

Gets all application credentials using managed identity authentication and sends notification for credentials expiring within 30 days.

EXAMPLE 11

Gets all application credentials using managed identity and sends email notification for credentials expiring within 7 days.

PARAMETERS

-ObjectID

(Optional) Retrieves the credentials for a specific application by its ObjectID.

-DisplayName

(Optional) Retrieves the credentials for a specific application by its DisplayName. Supports wildcards (* and ?) for partial name matching (e.g. “Azure*”, “Portal”).

-ExportToExcel

(Optional) If specified, exports the results to an Excel file in the user’s profile directory.

-ExportPath

Optional output directory for the Excel export (defaults to the user profile).

-ForceNewToken

(Optional) Forces the function to disconnect and reconnect to Microsoft Graph to obtain a new access token.

-RunFromAzureAutomation

(Optional) If specified, uses managed identity authentication instead of interactive authentication. This is useful when running the script in Azure environments like Azure Functions, Logic Apps, or VMs with managed identity enabled. When this parameter is used, ExpirationThresholdDays, NotificationRecipient and NotificationSender are required. PowerShell modules used in Azure Automation must be a MAXIMUM of version 2.25.0 when using PowerShell < 7.4.0, because starting from version 2.26.0, PowerShell 7.4.0 is required, and Azure Automation does not support it yet as of February 2026. For PowerShell 7.4.0+, there are no version restrictions. https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/3147 https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/3151 https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/3166

-ExpirationThresholdDays

(Required when RunFromAzureAutomation is enabled) Number of days threshold for expiration notification. Default is 30 days.

-NotificationRecipient

(Required when RunFromAzureAutomation is enabled) Email address to receive expiration notifications.

-NotificationSender

(Required when RunFromAzureAutomation is enabled) Email address of the sender for expiration notifications.

-DisableParallel

(Optional) Forces sequential processing. By default, on PowerShell 7+ the function processes applications in parallel (ForEach-Object -Parallel) to speed up discovery; on PowerShell 5.1 it always runs sequentially.

-ThrottleLimit

(Optional) Maximum number of concurrent runspaces when running in parallel. Default is 5. Keep this value moderate to avoid Microsoft Graph throttling (HTTP 429).

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

https://ps365.clidsys.com/docs/commands/Get-MgApplicationCredential