Blog Post

Core Infrastructure and Security Blog
11 MIN READ

Use Azure Logic Apps to Notify of Pending AAD Application Client Secrets and Certificate Expirations

Russ_Rimmerman's avatar
Russ_Rimmerman
Icon for Microsoft rankMicrosoft
Nov 29, 2021

Managing the expiration dates of client secrets and certificates for Azure Active Directory (AAD) applications can be challenging, especially for organizations with numerous applications. To address this, leveraging Azure Logic Apps offers an automated solution to proactively monitor and notify administrators and application owners of impending expirations. This approach enhances security and ensures uninterrupted application functionality by providing timely alerts for necessary credential updates.

Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclai...
RussRimmerman_0-1638198579862.png
Updated Jan 29, 2025
Version 5.0
RussRimmerman
AlekseyBogs's avatar
AlekseyBogs
Copper Contributor
Jun 22, 2023

Russ_Rimmerman @Vitalii_Kopach

Great work, Russ!

exactly what we need, our current script uses "AzureRunAsConnection" that will be retired soon...

 

Re: App Proxy exclusion.

I asked the support about that and was told, quote:

 

1) "do NOT touch the AAD AP app expired certificates. They are maintained by backend automatically. Even deleting expired cert, it may break the service". Meaning that monitoring their secrets expiration is probably pointless?

2) "You can use command Get-AzureADServicePrincipal -all $true | where Tags -contains "WindowsAzureActiveDirectoryOnPremApp” to filter out all application proxy applications."

is it possible to add this filter to the logic?

 

thank you,

Alex

Is it possible to use that specific tag to filter out app proxies?