Blog Post

Core Infrastructure and Security Blog
11 MIN READ

Use Azure Logic Apps to Notify of Pending AAD Application Client Secrets and Certificate Expirations

Russ_Rimmerman's avatar
Russ_Rimmerman
Icon for Microsoft rankMicrosoft
Nov 29, 2021

Managing the expiration dates of client secrets and certificates for Azure Active Directory (AAD) applications can be challenging, especially for organizations with numerous applications. To address this, leveraging Azure Logic Apps offers an automated solution to proactively monitor and notify administrators and application owners of impending expirations. This approach enhances security and ensures uninterrupted application functionality by providing timely alerts for necessary credential updates.

Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclai...
RussRimmerman_0-1638198579862.png
Updated Jan 29, 2025
Version 5.0
RussRimmerman
paulAZDania's avatar
paulAZDania
Copper Contributor
Jul 26, 2024

EPfaffinger I'm really sorry to be asking a question that's silly, it's just that I can't figre it out.

 

it's a question around using this for multiple tenants. I've got it set up for one tenant at the moment, all tested and working. Next, I want to bring in another tenant. Should I be creating a logic app per tenant? Can I use the same keyvault? 

 

How I've got it working at the moment is like this:

 

I've created the logic app in [Tenant A] where our O365 licensing is valid for, the azure keyvault is also in this tenant, I like to call this the master tenant

Then the app registrations, service principals that I'm tracking for expiry are in [Tenant B] let's call this the slave tenant

The Logic app in the master tenant is using the default naming in the guide provided by Russ_Rimmerman 

 

Logic app: azure-application-notification

Key vault: I've used an existing key vault but the names client-id, client-secret and tenant-id are unchaged as per the guide, these have the values for the only slave tenant that I'm currently reporting for. 

 

The Question is, given the above setup, how do I bring in a second slave tenant or Tenant C? 

 

Thanks for your patience 🙏