monitor the client certificate expiration dates
I would like to monitor the client (Windows) certificate expiration dates on the clients and be informed shortly before they expire. Is this possible with Intune and can you please give me a hint how?
Thanks for your support
- Stefan31 (Copper Contributor)
Thank you. That's what I thought, but I wasn't sure. I will run a script on the clients weekly via Intune. This script sends the certificate data, enriched with the client ID of the laptop, in JSON format via HTTPS to an Azure Logic App. This Logic App processes the data and inserts it into a SharePoint list. The list can be used for reporting and alerting.
- Stefan31 (Copper Contributor)
Thank you. That's what I thought, but I wasn't sure.
My thought was to roll out a script via Intune. The script runs on Windows start and sends the certificate data (including client ID) via HTTPS to an Azure Logic App, and this transfers the data to a SharePoint list. Reporting can then run on the SharePoint list. Many thanks for your support.
Stefan
- Bogdan_Guinea (Steel Contributor)
Hi,
yes, you could try using SP to see your reports or try my suggestions with a Blob.
In any case, it will be nice to hear if you could realize this with an Azure Logic App.
Good luck!
- jayr_barrios (Copper Contributor)
Great question, in Microsoft Intune, monitoring client certificate expiration dates isn't directly built into the portal, but you can track certificates using PowerShell scripts or Log Analytics. To query the certificate expiration dates on enrolled devices using PowerShell run the following:
Get-ChildItem -Path Cert:\LocalMachine\My | Select-Object Subject, NotAfter | Format-Table -AutoSize
- Bogdan_Guinea (Steel Contributor)
Hi,
technically it is possible to create reports using Data Warehouse and Power BI that give you the information regarding certificates, or you could go with Azure Logic App and Microsoft Graph to query the certificate.
The simple solution until you find a better one that suits you would be either a detection/remediation that runs once a week or per month and dumps the logs to an Azure Blob Storage.
Check it out, you need to customize it to your needs.
Good luck!
# Import the Azure module
Import-Module Az

# Define Azure Blob Storage details
$StorageAccountName = "<YourStorageAccountName>"
$StorageAccountKey = "<YourStorageAccountKey>"
$ContainerName = "<YourContainerName>"
$BlobName = "CertificatesInfo.json"

# Define the local file to store certificate information temporarily
$LocalFilePath = "$env:TEMP\CertificatesInfo.json"

# Query certificates from the local machine
$Certificates = Get-ChildItem -Path Cert:\LocalMachine\My | Select-Object Thumbprint, Subject, Issuer, NotBefore, NotAfter

# Convert the certificate information to JSON and save it to a file
$Certificates | ConvertTo-Json -Depth 10 | Out-File -FilePath $LocalFilePath -Encoding utf8

# Connect to Azure Storage Account
$Context = New-AzStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $StorageAccountKey

# Upload the file to Azure Blob Storage
Set-AzStorageBlobContent -File $LocalFilePath -Container $ContainerName -Blob $BlobName -Context $Context

# Clean up the local file
Remove-Item -Path $LocalFilePath -Force
Write-Host "Certificate information uploaded to Azure Blob Storage successfully."
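Added example, not code from any of the posters above: an Intune detection script that combines the ideas in the thread (jayr_barrios's store query, Stefan31's JSON-over-HTTPS report with a client identifier, Bogdan_Guinea's weekly detection run). It computes the days left on each certificate with a private key in the machine personal store, builds a JSON payload tagged with the hostname and the Azure AD device ID, posts it to a Logic App HTTP trigger, and uses the exit code so Intune flags the device when something is about to expire. The trigger URL (`$LogicAppUrl`) and the 30-day threshold are placeholders and assumptions; reading the device ID from `dsregcmd /status` is also an assumption and the field stays empty if it cannot be parsed.

```powershell
# Added example (not from the thread). Assumptions: $LogicAppUrl is the URL of a
# Logic App "When an HTTP request is received" trigger (placeholder below);
# $ThresholdDays is the warning window; the device ID is parsed from dsregcmd.
param(
    [int]$ThresholdDays = 30,
    [string]$LogicAppUrl = "<YourLogicAppTriggerUrl>"   # placeholder, set before deploying
)

function Get-ExpiringCertificates {
    param([int]$Days = 30, [string]$StorePath = "Cert:\LocalMachine\My")
    $now = Get-Date
    Get-ChildItem -Path $StorePath |
        # Client certificates carry a private key; this skips CA/intermediate copies
        Where-Object { $_.HasPrivateKey } |
        ForEach-Object {
            $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
            [pscustomobject]@{
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotAfter   = $_.NotAfter.ToUniversalTime().ToString("o")
                DaysLeft   = $daysLeft
                Expired    = ($daysLeft -lt 0)   # negative DaysLeft means already expired
            }
        } |
        Where-Object { $_.DaysLeft -le $Days }
}

function Get-AadDeviceId {
    # Assumption: dsregcmd prints a "DeviceId : <guid>" line on Azure AD joined devices
    try {
        $line = (dsregcmd /status 2>$null) |
            Select-String -Pattern '^\s*DeviceId\s*:\s*(\S+)' |
            Select-Object -First 1
        if ($line) { return $line.Matches[0].Groups[1].Value }
    } catch { }
    return $null
}

function New-ReportPayload {
    param([object[]]$Certificates, [int]$Threshold)
    [pscustomobject]@{
        Hostname      = $env:COMPUTERNAME
        DeviceId      = Get-AadDeviceId
        CollectedUtc  = (Get-Date).ToUniversalTime().ToString("o")
        ThresholdDays = $Threshold
        Certificates  = @($Certificates)
    }
}

function Send-Report {
    param([object]$Payload, [string]$Url)
    $json = $Payload | ConvertTo-Json -Depth 5
    # HTTPS POST to the Logic App trigger; the Logic App then writes to SharePoint/Blob
    Invoke-RestMethod -Uri $Url -Method Post -Body $json -ContentType 'application/json' | Out-Null
}

$expiring = @(Get-ExpiringCertificates -Days $ThresholdDays)
$report   = New-ReportPayload -Certificates $expiring -Threshold $ThresholdDays

# Skip the upload while the placeholder URL is still in place (useful for local testing)
if ($LogicAppUrl -notlike '<*') {
    Send-Report -Payload $report -Url $LogicAppUrl
}

# Intune detection semantics: exit 1 = issue found (device shows as "with issues"),
# exit 0 = nothing to report. The output line is visible in the remediation report.
if ($expiring.Count -gt 0) {
    Write-Output ("{0} certificate(s) expiring within {1} days" -f $expiring.Count, $ThresholdDays)
    exit 1
}
Write-Output "No certificates expiring within $ThresholdDays days"
exit 0
```

Deploy it as the detection script of a Proactive Remediation running in the system context on a weekly schedule, as suggested above; the per-device exit code gives you the alerting inside Intune, and the JSON posted to the Logic App feeds the SharePoint list or Blob for reporting. Because the payload goes to the Logic App trigger URL rather than directly to storage, no storage account key has to be shipped to every client; the trigger URL still carries its own signature and should be treated as a secret in the script.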