However, there is no direct way to get it to rotate the secret. Here is a script that finds app registrations about to expire within 15 days (you can change the time limit).
You can add this script to a pipeline or an automation runbook to send an email notification.
It prints the application name and expiry date.
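# Report Azure AD app registrations whose client secrets (PasswordCredentials)
# expire within the next $thresholdDays days.
# Requires the AzureAD module and a session opened with Connect-AzureAD.
# NOTE(review): only PasswordCredentials are inspected; certificate credentials
# (KeyCredentials) are not covered here and need their own check.
$thresholdDays = 15
$inventoryCsv = "C:/AzureADApplications.csv"
$reportCsv = "C:/AzureADApplications1.csv"

# NOTE(review): EndDate is compared against the local clock as-is. Presumably
# the directory returns UTC, so the window can be off by the local UTC offset;
# confirm before relying on same-day accuracy.
$now = Get-Date

# -All $true requests every application. Without it the cmdlet returns only a
# limited number of results, so apps beyond that limit would never be checked.
$application = Get-AzureADApplication -All $true

# Both CSV files list the tenant's app registrations. Point these paths at an
# access-controlled location when running outside a throwaway session.
$application | Export-Csv -Path $inventoryCsv -NoTypeInformation

$applications = foreach ($app in $application) {
    # An app can hold several secrets. Collect every end date instead of
    # treating PasswordCredentials.EndDate as a single value, which hides all
    # secrets of a multi-secret app behind an unparseable array.
    $endDates = @(
        $app.PasswordCredentials |
            Where-Object { $null -ne $_ -and $null -ne $_.EndDate } |
            ForEach-Object { $_.EndDate }
    )

    foreach ($endDate in $endDates) {
        $remaining = $endDate - $now
        # Ticks -gt 0 keeps secrets that expire in less than 24 hours; a bare
        # ".Days -gt 0" test drops exactly those, the most urgent ones.
        if ($remaining.Ticks -gt 0 -and $remaining.Days -le $thresholdDays) {
            Write-Host "Application Name: $($app.DisplayName)"
            Write-Host "Expiry Date: $endDate"
        }
    }

    # One row per app for the report file; multiple end dates are joined with
    # ';' in round-trip (ISO 8601) format so the column stays parseable.
    $expiryText = ($endDates | ForEach-Object { $_.ToString('o') }) -join ';'
    $app | Select-Object -Property *, @{ Name = 'AppIdExpiryDate'; Expression = { $expiryText } }
}

$applications | Export-Csv -Path $reportCsv -NoTypeInformation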