Blog Post

Core Infrastructure and Security Blog
11 MIN READ

Use Azure Logic Apps to Notify of Pending AAD Application Client Secrets and Certificate Expirations

Russ_Rimmerman's avatar
Russ_Rimmerman
Icon for Microsoft rankMicrosoft
Nov 29, 2021

Managing the expiration dates of client secrets and certificates for Azure Active Directory (AAD) applications can be challenging, especially for organizations with numerous applications. To address this, leveraging Azure Logic Apps offers an automated solution to proactively monitor and notify administrators and application owners of impending expirations. This approach enhances security and ensures uninterrupted application functionality by providing timely alerts for necessary credential updates.

Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclai...
RussRimmerman_0-1638198579862.png
Updated Jan 29, 2025
Version 5.0
RussRimmerman
ABY-VARGHESE's avatar
ABY-VARGHESE
Copper Contributor
Dec 05, 2024

Hi Russ,

I have deployed the Logic App following your instructions. Additionally, I created the SPN and assigned all the required Graph API permissions (attached for reference). However, when I run the Logic App, I encounter an error at the second step, "Tenant-id."

 

Please take a look at the Key Vault API connection (attached)

)

I have also tried assigning the "Key Vault Administrator" RBAC role to both the SPN and the Logic App's Managed Identity, but the issue persists. Am I overlooking something?

 

"status": 401,

"message": "Operation failed because client does not have permission to perform the operation on the key vault. Please check your permissions in the key vault access policies https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy-portal.\r\nclientRequestId: 2efeb369-33f7-4d49-89b2-811de37663ff",

"error": {

"message": "Operation failed because client does not have permission to perform the operation on the key vault. Please check your permissions in the key vault access policies https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy-portal."

},

"source": "keyvault-ae.azconn-ae-001.p.azurewebsites.net"

}