Alerts for app registration client secret

Santhya Rama S 120 Reputation points
2023-08-08T06:42:53.0766667+00:00

Hi,

We have a client secret for an app registration in Azure which has expired. Could you please clarify the below queries?

  1. Is there a default alert sent by Azure before the secret expiry? If so, to whom is the mail sent (app owner, app creator, etc.)?
  2. If there is no alert sent, how can we configure one without using an external utility, so that the necessary associates can be notified beforehand?
Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2023-08-09T08:06:42.64+00:00

    @Santhya Rama S Just check if this approach mentioned over here - https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/use-power-automate-to-notify-of-upcoming-azure-ad-app-client/ba-p/2406145/page/2#comments helps to resolve your requirement (Alerts for app registration client secret).

    Let me know if you have any further questions; feel free to post back.

    3 people found this answer helpful.

1 additional answer

  1. Vasil Michev 119.9K Reputation points MVP Volunteer Moderator
    2023-08-08T07:24:02.6033333+00:00

    No, there is no default alert being sent, only a message displayed in the UI. It's easy enough to create your own solution though, as the Graph API exposes the validity of client secrets. In a nutshell, you need to get the app object and check the keyCredentials resource: https://learn.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0

    If you need a more detailed example, here's a sample script you can start with: https://www.michev.info/blog/post/3665/azure-ad-application-registration-inventory-script

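A sketch of the expiry check described in the answer above, as an added example (not code from this thread or from the linked script). It reads `endDateTime` from both `passwordCredentials`, where Graph lists client secrets, and `keyCredentials` (certificates) on each application object; the sample response is constructed, the 30-day window is an assumption, and fetching the data from Graph and sending the notification are left to the caller.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Graph "GET /applications" response (not real data).
SAMPLE = json.loads("""
{"value": [
 {"displayName": "billing-api", "appId": "00000000-0000-0000-0000-000000000001",
  "passwordCredentials": [{"keyId": "k1", "displayName": "ci", "endDateTime": "2023-08-01T00:00:00Z"}],
  "keyCredentials": [{"keyId": "k2", "displayName": "tls", "endDateTime": "2024-06-01T00:00:00Z"}]},
 {"displayName": "hr-sync", "appId": "00000000-0000-0000-0000-000000000002",
  "passwordCredentials": [
   {"keyId": "k3", "displayName": "old", "endDateTime": "2023-08-25T10:00:00.1234567Z"},
   {"keyId": "k4", "displayName": "new", "endDateTime": "2025-01-01T00:00:00Z"}],
  "keyCredentials": []},
 {"displayName": "no-creds", "appId": "00000000-0000-0000-0000-000000000003",
  "passwordCredentials": [], "keyCredentials": []}
]}
""")

def parse_graph_time(value):
    """Parse a Graph UTC timestamp, dropping fractional seconds (up to 7 digits)."""
    value = re.sub(r"\.\d+", "", value).replace("Z", "+00:00")
    return datetime.fromisoformat(value)

def expiring_credentials(apps, now, warn_days=30):
    """Return credentials that are expired or end within warn_days, soonest first."""
    cutoff = now + timedelta(days=warn_days)
    findings = []
    for app in apps:
        for kind, field in (("secret", "passwordCredentials"),
                            ("certificate", "keyCredentials")):
            for cred in app.get(field) or []:
                if not cred.get("endDateTime"):
                    continue  # no expiry recorded, nothing to compare
                end = parse_graph_time(cred["endDateTime"])
                if end <= cutoff:
                    findings.append({
                        "app": app["displayName"], "kind": kind,
                        "keyId": cred["keyId"], "end": end,
                        "status": "expired" if end <= now else "expiring",
                        "days_left": (end - now).days})
    return sorted(findings, key=lambda f: f["end"])

if __name__ == "__main__":
    now = datetime(2023, 8, 8, tzinfo=timezone.utc)  # fixed so the output is repeatable
    for f in expiring_credentials(SAMPLE["value"], now):
        print(f"{f['app']}: {f['kind']} {f['keyId']} {f['status']} ({f['days_left']} days)")
```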
