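The following requirements apply when you use the Microsoft Graph API to retrieve recommendations and impacted resources. To use the Microsoft Graph API, you need the DirectoryRecommendations.Read.All and DirectoryRecommendations.ReadWrite.All permissions. For more information, see How to use identity recommendations.
- Sign in to Graph Explorer.
- Select GET as the HTTP method from the dropdown list.
To retrieve all recommendations for your tenant: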
GET https://graph.microsoft.com/beta/directory/recommendations
From the response, find the recommendation ID that matches the following pattern: {tenantId}_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry.
To identify the impacted resources:
GET https://graph.microsoft.com/beta/directory/recommendations/{tenantId}_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry/impactedResources
To filter the resources by their status (for example, active resources):
GET https://graph.microsoft.com/beta/directory/recommendations/536279f6-15cc-45f2-be2d-61e352b51eef_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry/impactedResources?$filter=status eq Microsoft.Graph.recommendationStatus'active'
Note the AppId, CredentialId, and Origin of the credential that you want to remove. To remove the credential, use the following Microsoft Graph guidance:
Sample response
{
    "id": "536279f6-15cc-45f2-be2d-61e352b51eef_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry",
    "recommendationType": "applicationCredentialExpiry",
    "createdDateTime": "2022-06-08T00:08:01Z",
    "impactStartDateTime": "2022-06-08T00:08:01Z",
    "postponeUntilDateTime": null,
    "lastModifiedDateTime": "2024-07-29T12:03:16Z",
    "lastModifiedBy": "System",
    "displayName": "Renew expiring application credentials",
    "featureAreas": [
        "applications"
    ],
    "insights": "Your tenant has applications with credentials that will expire soon.",
    "benefits": "Renewing the app credential(s) before its expiration ensures the application continues to function and reduces the possibility of downtime due to an expired credential.",
    "category": "identityBestPractice",
    "status": "active",
    "priority": "high",
    "requiredLicenses": "microsoftEntraWorkloadId",
    "impactType": "apps",
    "actionSteps": [
        {
            "stepNumber": 1,
            "text": "1. Navigate to the App registration section and locate the application for which the credential needs to be rotated."
        },
        {
            "stepNumber": 2,
            "text": "2. Navigate to the “Certificates & Secrets” blade of the app registration."
        },
        {
            "stepNumber": 3,
            "text": "3. Pick the credential type that you want to rotate and navigate to either “Certificates” or “Client Secret” tab and follow the prompts.",
            "actionUrl": null
        },
        {
            "stepNumber": 4,
            "text": "4. Once the certificate or secret is successfully added, update the service code to ensure it works with the new credential and has no negative customer impact. You should use Microsoft Entra ID’s sign-in logs to validate that the thumbprint of the certificate matches the one that was just uploaded.",
            "actionUrl": null
        },
        {
            "stepNumber": 5,
            "text": "5. After validating the new credential, navigate back to the Certificates and Secrets blade for the app and remove the old credential.",
            "actionUrl": null
        }
    ]
}
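
The lookup steps above can be scripted. The following is an added example, not code from the original page or from Microsoft: it picks the recommendation whose ID matches the `{tenantId}_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry` pattern out of a list response and builds the filtered `impactedResources` request with the `$filter` value URL-encoded. The function names, the `value` wrapper of the list response and the second sample entry are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/beta/directory/recommendations"
SUFFIX = "_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry"
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# {tenantId}_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry
ID_PATTERN = re.compile(rf"^({GUID}){re.escape(SUFFIX)}$")

# Constructed sample of a list response (assumed shape: a "value" array).
# The second id is a made-up placeholder, not a real recommendation type.
SAMPLE_LIST = {"value": [
    {"id": "536279f6-15cc-45f2-be2d-61e352b51eef_Microsoft.Identity.IAM.Insights.PlaceholderOther",
     "status": "active"},
    {"id": "536279f6-15cc-45f2-be2d-61e352b51eef" + SUFFIX,
     "recommendationType": "applicationCredentialExpiry", "status": "active"},
]}

def find_expiry_recommendation(list_response):
    """Return the credential-expiry recommendation from a list response, or None."""
    for rec in list_response.get("value", []):
        if ID_PATTERN.match(rec.get("id", "")):
            return rec
    return None

def impacted_resources_url(recommendation_id, status=None):
    """Build the impactedResources request URL, optionally filtered by status."""
    # Validate before interpolating so a malformed id cannot alter the path.
    if not ID_PATTERN.match(recommendation_id):
        raise ValueError("not an ApplicationCredentialExpiry recommendation id")
    url = f"{GRAPH}/{recommendation_id}/impactedResources"
    if status is not None:
        if not re.fullmatch(r"[A-Za-z]+", status):
            raise ValueError("unexpected status value")
        flt = f"status eq Microsoft.Graph.recommendationStatus'{status}'"
        url += "?$filter=" + quote(flt, safe="'")  # spaces become %20
    return url

if __name__ == "__main__":
    rec = find_expiry_recommendation(SAMPLE_LIST)
    print("GET", impacted_resources_url(rec["id"], "active"))
```
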