Azure AD Enterprise Apps may use a custom SSL certificate for Azure App Proxy. The following PowerShell script checks whether any of those SSL certificates have expired.
# List Azure AD Enterprise Apps with expired SSL certificates
Import-Module AzureAD

# Connect only if there is no authenticated session yet
try {
    $var = Get-AzureADTenantDetail
}
catch [Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException] {
    Connect-AzureAD
}

# Service principals tagged as App Proxy (on-premises) applications
$aadapServPrinc = Get-AzureADServicePrincipal -Top 100000 |
    Where-Object { $_.Tags -contains "WindowsAzureActiveDirectoryOnPremApp" }

Write-Host "Reading Azure AD applications..."
$allApps = Get-AzureADApplication -Top 100000

Write-Host "Reading applications..."
# Match each service principal to its application by exact AppId
# (a -match against the whole object compares its string form and can over-match)
$aadapApp = foreach ($sp in $aadapServPrinc) {
    $allApps | Where-Object { $_.AppId -eq $sp.AppId }
}

$count = @($aadapApp).Count
Write-Host ("$count apps found")

$expired = 0
foreach ($item in $aadapApp) {
    $appname = $item.DisplayName
    $tempApps = Get-AzureADApplicationProxyApplication -ObjectId $item.ObjectId
    $url = $tempApps.ExternalUrl
    $cert = $tempApps.VerifiedCustomDomainCertificatesMetadata
    $ssl = $cert.SubjectName

    # Only apps with a custom domain certificate have metadata to check
    if ($null -ne $cert) {
        $issuedate = $cert.IssueDate
        $expirydate = $cert.ExpiryDate
        $ed = [Datetime] $expirydate

        Write-Host ("")
        Write-Host ("App: $appname")
        Write-Host ("External Url: $url")
        Write-Host ("SSL Name: $ssl")
        Write-Host ("Issue Date: $issuedate")

        if ($ed -lt (Get-Date)) {
            Write-Host ("Expiry Date: $expirydate (EXPIRED)") -ForegroundColor "Red"
            $expired = $expired + 1
        }
        else {
            Write-Host ("Expiry Date: $expirydate") -ForegroundColor "Green"
        }
    }
    #Write-Host ("$tempapps") -ForegroundColor "Gray"
}

Write-Host ("")
Write-Host ("Finished. $expired expired.")
Write-Host ("")
Expired SSL certificates can then be replaced.
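The script above only flags certificates that have already expired. The following added example (not part of the original post) classifies certificates as expired, expiring soon, or OK so renewals can be planned ahead. The function name `Get-CertExpiryStatus`, its parameters, the 30-day default and the sample records are assumptions made for illustration; the sample data is constructed so the block runs without a tenant connection.

```powershell
# Added example: hypothetical helper, not the blog author's code.
function Get-CertExpiryStatus {
    param(
        # Objects carrying AppName, ExternalUrl, SubjectName and ExpiryDate
        [Parameter(Mandatory)] [object[]] $Apps,
        # Warning window in days (assumed default)
        [int] $WarnDays = 30,
        # Reference time; injectable so results are reproducible
        [datetime] $Now = (Get-Date)
    )
    foreach ($app in $Apps) {
        # Apps without a custom certificate have no expiry date to evaluate
        if ($null -eq $app.ExpiryDate) { continue }

        $expiry   = [datetime] $app.ExpiryDate
        $daysLeft = [math]::Floor(($expiry - $Now).TotalDays)

        if ($expiry -lt $Now) {
            $status = 'Expired'
        } elseif ($daysLeft -le $WarnDays) {
            $status = 'ExpiringSoon'
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            AppName     = $app.AppName
            ExternalUrl = $app.ExternalUrl
            SubjectName = $app.SubjectName
            ExpiryDate  = $expiry
            DaysLeft    = $daysLeft
            Status      = $status
        }
    }
}

# Constructed sample records (placeholder names and URLs, not real tenant data)
$sample = @(
    [pscustomobject]@{ AppName = 'Intranet'; ExternalUrl = 'https://intranet.example.com/'; SubjectName = 'CN=intranet.example.com'; ExpiryDate = '2024-05-10' }
    [pscustomobject]@{ AppName = 'Wiki';     ExternalUrl = 'https://wiki.example.com/';     SubjectName = 'CN=wiki.example.com';     ExpiryDate = '2024-06-20' }
    [pscustomobject]@{ AppName = 'Reports';  ExternalUrl = 'https://reports.example.com/';  SubjectName = 'CN=reports.example.com';  ExpiryDate = '2025-01-15' }
    [pscustomobject]@{ AppName = 'Legacy';   ExternalUrl = 'https://legacy.example.com/';   SubjectName = $null;                     ExpiryDate = $null }
)

# A fixed reference date keeps the sample output stable
Get-CertExpiryStatus -Apps $sample -WarnDays 30 -Now ([datetime]'2024-06-01') |
    Sort-Object DaysLeft |
    Format-Table AppName, SubjectName, ExpiryDate, DaysLeft, Status -AutoSize
```

To use it against a tenant, build the input objects inside the script's loop from `DisplayName`, `ExternalUrl` and the `VerifiedCustomDomainCertificatesMetadata` fields, then pipe the result to `Export-Csv` for tracking.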
This is the blog of Paul Farris. My main points of interest: Microsoft/Office 365, Exchange, Sharepoint, Teams/Skype, EMS, SQL Server, Powershell, VMWare, IBM Notes, Blackberry.