How to Create Email Notifications for Client Secret Expiry in Azure Enterprises Application

Question

How to Create Email Notifications for Client Secret Expiry in Azure Enterprises Application

Atul Tyagi 40

Is there any way to setup email notifications when a Client secret is about to expire for Application in Azure .

Thanks

Goutam Pratti 6,195 Reputation points Microsoft External Staff Moderator

2025-01-07T21:33:23.4033333+00:00

Hello @Atul Tyagi ,

Thank you for Reaching out Microsoft Q&A.

I hope answer provided by @Deepanshu katara is helpful.

Additionally, to share you can automate the certificates expiration notifications where Microsoft Entra ID sends an email notification 60, 30, and 7 days before the SAML certificate expires. You might add more than one email address to receive notifications.

To specify the emails you want the notifications to be sent to, see Add email notification addresses for certificate expiration.

for additional information: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/application-management-certs-faq#how-can-i-automate-the-certificates-expiration-notifications

Hope this helps. Do let us know if you any further queries.

regards,
Goutam Pratti.
Goutam Pratti 6,195 Reputation points Microsoft External Staff Moderator

2025-01-08T23:15:54.2466667+00:00

Hi @Atul Tyagi ,

We haven’t heard from you on the last response and was just checking back to see the provided answers are helpful.
Goutam Pratti 6,195 Reputation points Microsoft External Staff Moderator

2025-01-09T18:50:45.9866667+00:00

Hi @Atul Tyagi ,

We haven’t heard from you on the last response and was just checking back to see the provided answers are helpful.

2 answers

Your answer

Goutam Pratti 6,195 Reputation points Microsoft External Staff Moderator

2025-01-07T21:33:23.4033333+00:00

Hello @Atul Tyagi ,

Thank you for Reaching out Microsoft Q&A.

I hope answer provided by @Deepanshu katara is helpful.

Additionally, to share you can automate the certificates expiration notifications where Microsoft Entra ID sends an email notification 60, 30, and 7 days before the SAML certificate expires. You might add more than one email address to receive notifications.

To specify the emails you want the notifications to be sent to, see Add email notification addresses for certificate expiration.

for additional information: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/application-management-certs-faq#how-can-i-automate-the-certificates-expiration-notifications

Hope this helps. Do let us know if you any further queries.

regards,
Goutam Pratti.
Goutam Pratti 6,195 Reputation points Microsoft External Staff Moderator

2025-01-08T23:15:54.2466667+00:00

Hi @Atul Tyagi ,

We haven’t heard from you on the last response and was just checking back to see the provided answers are helpful.
Goutam Pratti 6,195 Reputation points Microsoft External Staff Moderator

2025-01-09T18:50:45.9866667+00:00

Hi @Atul Tyagi ,

We haven’t heard from you on the last response and was just checking back to see the provided answers are helpful.

Answer 1

There is no built-in way to retrieve expiring client secrets, but you can use MS Graph to fetch them and the Send-MgMailUser cmdlet to send alert notifications.

As a workaround, you can use this PowerShell script from GitHub: Get expiring certificates and client secrets

You can enhance the script by including the Send-MgMailUser cmdlet to send email notifications. The script also supports scheduling, so you can configure it in Task Scheduler with the following format:

.\AppRegistrationsWithExpiringCertAndSecrets.ps1 -ClientSecretsOnly -SoonToExpireInDays`` ``30

When scheduled, the script will check for app registrations with client secrets expiring in less than 30 days. It will then send an alert to the configured email address automatically.

Answer 2

Hello Atul, Welcome to MS Q&A

There is no built-in alerting feature for this, though it's a common ask and Microsoft will likely offer something in the future. For the time being, you will have to create your own solution based on either the Graph API or the Graph SDK for PowerShell

For reference , please check similar thread https://learn.microsoft.com/en-us/answers/questions/1570123/hot-to-get-alert-for-expiration-of-client-secrets

Also check this for ref Recommendation to renew expiring application credentials - Microsoft Entra ID | Microsoft Learn

Please let us know if any more questions

Kindly accept if it helps

Thanks

Deepanshu

Share via

How to Create Email Notifications for Client Secret Expiry in Azure Enterprises Application

2 answers

Your answer