How to Create Email Notifications for Client Secret Expiry in Azure Enterprises Application

Atul Tyagi 20 Reputation points
2025-01-07T11:36:07.33+00:00

Is there any way to setup email notifications when a Client secret is about to expire for Application in Azure .

Thanks

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,899 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Deepanshu katara 12,960 Reputation points
    2025-01-07T12:24:45.6666667+00:00

    Hello Atul, Welcome to MS Q&A

    There is no built-in alerting feature for this, though it's a common ask and Microsoft will likely offer something in the future. For the time being, you will have to create your own solution based on either the Graph API or the Graph SDK for PowerShell

    For reference , please check similar thread https://learn.microsoft.com/en-us/answers/questions/1570123/hot-to-get-alert-for-expiration-of-client-secrets

    Also check this for ref Recommendation to renew expiring application credentials - Microsoft Entra ID | Microsoft Learn

    Please let us know if any more questions

    Kindly accept if it helps

    Thanks

    Deepanshu

    0 comments No comments

  2. Kavya 160 Reputation points
    2025-01-08T08:34:45.4666667+00:00

    There is no built-in way to retrieve expiring client secrets, but you can use MS Graph to fetch them and the Send-MgMailUser cmdlet to send alert notifications.

    As a workaround, you can use this PowerShell script from GitHub: Get expiring certificates and client secrets

    You can enhance the script by including the Send-MgMailUser cmdlet to send email notifications. The script also supports scheduling, so you can configure it in Task Scheduler with the following format:

    .\AppRegistrationsWithExpiringCertAndSecrets.ps1 -ClientSecretsOnly -SoonToExpireInDays`` ``30

    When scheduled, the script will check for app registrations with client secrets expiring in less than 30 days. It will then send an alert to the configured email address automatically.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.