Public/Get-MoDCredentials.ps1
function Get-MoDCredentials { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [ValidateSet("EntraId")] [string] $Provider, [Parameter(Mandatory = $true)] [string] $TenantId ) try { switch ($Provider) { "EntraId" { $creds = Get-EntraMfaCredentials -TenantId $TenantId $svcId = $creds.ServicePrincipalId Write-Output "** $Provider Passwords:" $creds.Passwords | Select-Object DisplayName,EndDateTime,KeyId,StartDateTime | Format-Table | Out-String | Write-Output Write-Output "** $Provider Certificates:" $creds.Certificates | Select-Object DisplayName,EndDateTime,KeyId,StartDateTime | Format-Table | Out-String | Write-Output $help = @" ----- USE WITH CAUTION ----- ** Command for password removal Connect-MgGraph -NoWelcome -TenantId $TenantId -Scopes 'Application.ReadWrite.All'; Remove-MgServicePrincipalPassword -ServicePrincipalId $svcId -KeyId <KeyId> ** Command for certificate removal Connect-MgGraph -NoWelcome -TenantId $TenantId -Scopes 'Application.ReadWrite.All'; `$keyCreds=(Get-MgServicePrincipal -ServicePrincipalId '$svcId').KeyCredentials; Update-MgServicePrincipal -ServicePrincipalId $svcId -KeyCredentials (`$keyCreds|Where-Object { `$_.KeyId -ne '<KeyId>' }) -Confirm "@ Write-Output $help } } } catch { Write-Error $_.Exception.Message return } } |