Azure services do not have a native feature to report on expiring App registrations. Without a solution in place to monitor and notify on expiration of these SPN’s solutions ranging from Custom Apps, and DevOps CI\CD Pipelines too orchestration engines like Azure Automation and Logic Apps, can and will cease to function without notice.
The solution is designed to be cross tenant and requires an App Registration\SPN in the desired environment with Global Reader rights. Utilizing Azure Automation (AA) and AA resources like Variables and Credentials our runbook pulls an array of SPN’s from the environment and calculates the time until expiration before using our custom function to send the data to a Log Analytics Workspace. Finally, Azure Monitor alerts can be triggered based on a Kusto query to notify resources that there are SPN’s within the threshold for expiration.
Where can I get this solution?
The solution is documented in detail on my GitHub repo and available for consumption immediately.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.