Blog Post

Core Infrastructure and Security Blog
11 MIN READ

Use Azure Logic Apps to Notify of Pending AAD Application Client Secrets and Certificate Expirations

Russ_Rimmerman's avatar
Russ_Rimmerman
Icon for Microsoft rankMicrosoft
Nov 29, 2021

Managing the expiration dates of client secrets and certificates for Azure Active Directory (AAD) applications can be challenging, especially for organizations with numerous applications. To address this, leveraging Azure Logic Apps offers an automated solution to proactively monitor and notify administrators and application owners of impending expirations. This approach enhances security and ensures uninterrupted application functionality by providing timely alerts for necessary credential updates.

Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclai...
RussRimmerman_0-1638198579862.png
Updated Jan 29, 2025
Version 5.0
RussRimmerman
AengusM's avatar
AengusM
Brass Contributor
Jul 07, 2022

Thanks for this Russ_Rimmerman  really helpful!

FYI, I'm seeing an issue where after editing the logic app in designer, eg adding a new email address and adding email importance field, next logic app run is not returning accurate results.

In the inaccurate email, details in all fields are correct compared to successful run, except, for the ApplicationId and Displayname columns.

i.e. The number of apps listed in the inaccurate run are correct and they are in the same order as previous email but while the appid and displayname are aligned to one another, but they are random apps which are not in any way aligned to the other fields / are not apps that have expiring secrets/certs.
I can resolve the issue by deleting the logic app and connectors, editing the template json and re-importing.
I haven't got to root cause just yet and may not have time in next few days so wanted to call out now.

I haven't tested editing in code view yet and I am also wondering if I'm running subsequent runs too close together, ie graph connection still open or something cached.

Aengus