Script to list all App Registrations whose name starts with a given prefix, e.g. "prefix-app-t-", and then list the credentials that are expired or about to expire. This script was created using Python 3.12 on Ubuntu (WSL2).
python -m venv .venv
source .venv/bin/activate
pip install pip-tools
pip install -r requirements.txt
sudo apt-get update
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg
curl -sL https://packages.microsoft.com/keys/microsoft.asc |
gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
echo "deb [arch=$(dpkg --print-architecture)] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" |
sudo tee /etc/apt/sources.list.d/azure-cli.list
sudo apt-get update
sudo apt-get install azure-cli
az login
az account get-access-token --resource-type ms-graph --query accessToken -o tsv > access_token.txt
Optionally set a proxy via HTTPS_PROXY. If not set, no proxy will be used.
export HTTPS_PROXY=http://10.0.0.1:8080
python check_app_registrations.py
# Example output
Found token
Using proxy: http://10.0.0.1:8080
Data written to /home/dennis/workspaces/credentials_check/out_app_registrations.json
Found 3 apps
App: prefix-app-t-test1 (AppId: abcdefg-1234-hijk-56789-a1b2c3d4e5f6)
App: prefix-app-t-test2 (AppId: abcdefg-1234-hijk-56789-a1b2c3d4e5f7)
App: prefix-app-t-test3 (AppId: abcdefg-1234-hijk-56789-a1b2c3d4e5f8)
Password Credentials: Secret for Test3 (End: 2025-10-03) - EXPIRING SOON
Key Credentials: Key for Test3 (End: 2025-08-21) - EXPIRED
It is best to write the found credentials to a Log Analytics custom table and then create query alerts that send them to your notification channel of choice.
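The prefix filter and expiry classification behind the example output, as an added example; it is not the code of check_app_registrations.py. It reads the Graph application properties passwordCredentials and keyCredentials with their displayName and endDateTime. The 30-day warning window, the sample apps and the reference date are assumptions constructed for illustration.

```python
"""Added example: flag expired or soon-to-expire Graph application credentials."""
from datetime import datetime, timedelta, timezone

WARN_DAYS = 30  # assumption: the page does not state the "expiring soon" window

# Constructed sample, shaped like the "value" list of a Graph /applications reply.
SAMPLE_APPS = [
    {"displayName": "prefix-app-t-test1", "passwordCredentials": [], "keyCredentials": []},
    {"displayName": "prefix-app-t-test3",
     "passwordCredentials": [
         {"displayName": "Secret for Test3", "endDateTime": "2025-10-03T00:00:00Z"}],
     "keyCredentials": [
         {"displayName": "Key for Test3", "endDateTime": "2025-08-21T12:30:00.1234567Z"}]},
    {"displayName": "other-app", "keyCredentials": [],
     "passwordCredentials": [{"displayName": None, "endDateTime": "2024-01-01T00:00:00Z"}]},
]

def parse_graph_time(value):
    """Parse a Graph UTC timestamp; fractional seconds (up to 7 digits) are dropped."""
    head = value.rstrip("Z").split(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def classify(end, now, warn_days=WARN_DAYS):
    """EXPIRED if already past, EXPIRING SOON if within warn_days, otherwise OK."""
    if end <= now:
        return "EXPIRED"
    if end - now <= timedelta(days=warn_days):
        return "EXPIRING SOON"
    return "OK"

def findings(apps, prefix, now, warn_days=WARN_DAYS):
    """Return (app, kind, name, end date, status) for every credential that is not OK."""
    rows = []
    for app in apps:
        if not (app.get("displayName") or "").startswith(prefix):
            continue
        for kind in ("passwordCredentials", "keyCredentials"):
            for cred in app.get(kind) or []:
                end = parse_graph_time(cred["endDateTime"])
                status = classify(end, now, warn_days)
                if status != "OK":
                    rows.append((app["displayName"], kind, cred.get("displayName")
                                 or "(unnamed)", end.date().isoformat(), status))
    return rows

if __name__ == "__main__":
    now = datetime(2025, 9, 15, tzinfo=timezone.utc)  # constructed reference date
    for row in findings(SAMPLE_APPS, "prefix-app-t-", now):
        print("{}: {}: {} (End: {}) - {}".format(*row))
```

Each returned tuple maps directly onto one row of a custom log table, with the status column available for alert queries.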