KomoroskeGina-5094 asked ·

Service Principal - find detailed information

Hello,
We have discovered a service principal was created and granted Global Admin rights in our Azure AD. No one seems to know what this account is used for and why it has GA rights.

How can I find out the details of this account, such as, when was it created, who created it, what it's tied to (apps??), is it even being used anywhere, etc?

I've done a CLI command (az ad sp show --id) and I only get this info below. The only thing that gives me any inclination at all is the password credentials section and it appears it has expired? Any insight is appreciated!

az ad sp show --id NUMBER
{
  "accountEnabled": "True",
  "addIns": [],
  "alternativeNames": [],
  "appDisplayName": null,
  "appId": "NUMBER",
  "appOwnerTenantId": null,
  "appRoleAssignmentRequired": false,
  "appRoles": [],
  "applicationTemplateId": null,
  "deletionTimestamp": null,
  "displayName": "NAME",
  "errorUrl": null,
  "homepage": null,
  "informationalUrls": null,
  "keyCredentials": [],
  "logoutUrl": null,
  "notificationEmailAddresses": [],
  "oauth2Permissions": [],
  "objectId": "NUMBER",
  "objectType": "ServicePrincipal",
  "odata.metadata": "https://graph.windows.net/NUMBER/$metadata#directoryObjects/@Element",
  "odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
  "passwordCredentials": [
    {
      "additionalProperties": null,
      "customKeyIdentifier": null,
      "endDate": "2015-12-30T17:50:06.145771+00:00",
      "keyId": "NUMBER",
      "startDate": "2014-12-30T17:50:06.145771+00:00",
      "value": null
    }
  ],
  "preferredSingleSignOnMode": null,
  "preferredTokenSigningKeyEndDateTime": null,
  "preferredTokenSigningKeyThumbprint": null,
  "publisherName": null,
  "replyUrls": [],
  "samlMetadataUrl": null,
  "samlSingleSignOnSettings": null,
  "servicePrincipalNames": [
    "NUMBER",
    "NAME"
  ],
  "servicePrincipalType": "Legacy",
  "signInAudience": null,
  "tags": [],
  "tokenEncryptionKeyId": null
}

azure-active-directory
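The check the question is reaching for (is the secret under passwordCredentials expired, and what else the output says on its own), as an added example that is not part of the original post. The function names are hypothetical, and the sample is constructed from the output above with its NUMBER placeholders kept; credentials stored on a linked application object do not appear in this output and are not evaluated.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the fields of the question's output that matter here,
# with the page's NUMBER placeholder kept as-is.
SAMPLE = json.loads("""
{
  "accountEnabled": "True",
  "appDisplayName": null,
  "appOwnerTenantId": null,
  "keyCredentials": [],
  "passwordCredentials": [
    {"endDate": "2015-12-30T17:50:06.145771+00:00", "keyId": "NUMBER",
     "startDate": "2014-12-30T17:50:06.145771+00:00", "value": null}
  ],
  "servicePrincipalType": "Legacy"
}
""")

def _ts(cred, name):
    # Older output uses startDate/endDate; Microsoft Graph uses *DateTime.
    raw = cred.get(name) or cred.get(name + "Time")
    dt = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)  # assume UTC

def credential_states(sp, now):
    """Return (kind, keyId, state) for every secret and certificate listed."""
    out = []
    for kind in ("passwordCredentials", "keyCredentials"):
        for cred in sp.get(kind) or []:
            start, end = _ts(cred, "startDate"), _ts(cred, "endDate")
            state = "expired" if end <= now else "not-yet-valid" if start > now else "valid"
            out.append((kind, cred.get("keyId"), state))
    return out

def triage(sp, now=None):
    """Summarise what the `az ad sp show` output alone says about the principal."""
    now = now or datetime.now(timezone.utc)
    states = credential_states(sp, now)
    return {
        "enabled": str(sp.get("accountEnabled")).lower() == "true",  # string in this output
        "usable_credentials": [s for s in states if s[2] == "valid"],
        "expired_credentials": [s for s in states if s[2] == "expired"],
        "legacy_type": sp.get("servicePrincipalType") == "Legacy",
        "linked_app_visible": bool(sp.get("appDisplayName") or sp.get("appOwnerTenantId")),
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

To run it on real output, save the result of `az ad sp show --id ...` to a file and pass the parsed JSON to `triage`.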

1 Answer

michev answered ·

Hi - yes, we looked at the Azure AD audit logs, but they do not contain this account anywhere (in the last 30 days).
