Blog Post

Core Infrastructure and Security Blog
11 MIN READ

Use Azure Logic Apps to Notify of Pending AAD Application Client Secrets and Certificate Expirations

Russ_Rimmerman's avatar
Russ_Rimmerman
Icon for Microsoft rankMicrosoft
Nov 29, 2021

Managing the expiration dates of client secrets and certificates for Azure Active Directory (AAD) applications can be challenging, especially for organizations with numerous applications. To address this, leveraging Azure Logic Apps offers an automated solution to proactively monitor and notify administrators and application owners of impending expirations. This approach enhances security and ensures uninterrupted application functionality by providing timely alerts for necessary credential updates.

Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclai...
RussRimmerman_0-1638198579862.png
Updated Jan 29, 2025
Version 5.0
RussRimmerman
Vasilije's avatar
Vasilije
Copper Contributor
Mar 11, 2024

Hi guys, 

 

Just a brief update regarding the application deployment. When it comes to assigning permissions, for those of you who have issue with Owners such as i saw in previous pages like when :

1st. Error:
ActionConditionFailed. The execution of template action 'Condition_3' is skipped: the 'runAfter' condition for action 'Set_OwnersArray_=_Null' is not satisfied. Expected status values 'Succeeded' and actual value 'Skipped'. 

Or 
2nd. Error
When Owners array is empty when report is generated.

You need to check for the permissions of application that you provide with rights for Graph API( Application.Read.All, Application.ReadWrite.All, Directory.Read.All, or Directory.AccessAsUser.All.   ), so basically when you assign Application.Read.All permission (as least permissive), you will encounter an issue that application cannot read OWNERS pane and it will return you some of two errors mentioned above.

For me it worked to assign  Application.ReadWrite.All and  Directory.Read.All so try that first before diving more deeper into Logic App build issues. (When assigning this, you application will have more priviledges than most of your service principals but only with this case i succeded in running Logic App successfully as shown in Russ's post.