I think this is a topic I have already seen a few times, but due to some changes I hope it's appropriate to ask again.
In our Azure we have applications / app registrations which have a client secret which will expire.
As far as I know, there is no standard functionality from Azure to get notified about this. I only find out a secret is expired if:
- The application doesn't work anymore and users complain
- I manually and regularly check what will expire next, create myself reminders etc.
Looking around the web I found multiple scripts which can be executed either in PowerShell or an automation runbook. Examples include:
https://github.com/kevinferretti/misc-scripts/blob/1433c4086fce47c8410bb221cefe38826587974d/CheckForExpiredClientSecrets.ps1
https://github.com/demiliani/PowershellCloudScripts/blob/master/AzureADCheckSecretsToExpire.ps1
While personally I couldn't get these to run due to permissions issues, I stumbled upon this announcement:
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/important-azure-ad-graph-retirement-and-powershell-module/ba-p/3848270
If I understand correctly, even if I get the scripts to work, some modules used will be deprecated in a while.
My question is: Is there any new way to get notified here or a best practice? Or do we still need to write / run a script ourselves, though not with Azure AD PowerShell commands but with MS Graph PowerShell?
If someone has a working script, feel free to share it!
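
Added example, not part of the original post or the linked scripts: a sketch of the expiry check done against objects shaped like the output of `Get-MgApplication` from Microsoft Graph PowerShell, covering both client secrets and certificates. The function name `Get-ExpiringAppCredential`, the 30-day threshold and the sample applications are assumptions constructed for illustration.

```powershell
function Get-ExpiringAppCredential {
    param(
        [Parameter(Mandatory)] [object[]] $Application,
        [int] $WarnDays = 30,                              # assumed warning window
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    foreach ($app in $Application) {
        # Secrets (PasswordCredentials) and certificates (KeyCredentials) both expire.
        foreach ($kind in 'PasswordCredentials', 'KeyCredentials') {
            foreach ($cred in @($app.$kind)) {
                if ($null -eq $cred -or $null -eq $cred.EndDateTime) { continue }
                $daysLeft = [math]::Floor(($cred.EndDateTime.ToUniversalTime() - $Now).TotalDays)
                if ($daysLeft -gt $WarnDays) { continue }   # not due yet
                [pscustomobject]@{
                    AppName  = $app.DisplayName
                    AppId    = $app.AppId
                    Type     = if ($kind -eq 'PasswordCredentials') { 'Secret' } else { 'Certificate' }
                    KeyId    = $cred.KeyId
                    Expires  = $cred.EndDateTime
                    DaysLeft = $daysLeft
                    Status   = if ($daysLeft -lt 0) { 'Expired' } else { 'Expiring' }
                }
            }
        }
    }
}

# Constructed sample data so the function can be tried offline.
$now = [datetime]::new(2024, 1, 15, 0, 0, 0, [System.DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{
        DisplayName = 'sample-app-a'; AppId = '00000000-0000-0000-0000-000000000001'
        PasswordCredentials = @([pscustomobject]@{ KeyId = 'k1'; EndDateTime = $now.AddDays(12) })
        KeyCredentials      = @()
    }
    [pscustomobject]@{
        DisplayName = 'sample-app-b'; AppId = '00000000-0000-0000-0000-000000000002'
        PasswordCredentials = @([pscustomobject]@{ KeyId = 'k2'; EndDateTime = $now.AddDays(-3) },
                                [pscustomobject]@{ KeyId = 'k3'; EndDateTime = $now.AddDays(200) })
        KeyCredentials      = @([pscustomobject]@{ KeyId = 'c1'; EndDateTime = $now.AddDays(29) })
    }
)
Get-ExpiringAppCredential -Application $sample -Now $now | Sort-Object DaysLeft | Format-Table

# Against a tenant (read-only scope):
# Connect-MgGraph -Scopes 'Application.Read.All'
# Get-ExpiringAppCredential -Application (Get-MgApplication -All)
```

Because the function emits plain objects, a scheduled run can send any non-empty result to mail, a ticket or a chat webhook.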