Site icon TheWindowsUpdate.com

App Registration Expiration Monitoring and Notifications

This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.

 

 

Problem Statement 

Azure services do not have a native feature to report on expiring App registrations. Without a solution in place to monitor and notify on expiration of these SPN’s solutions ranging from Custom Apps, and DevOps CI\CD Pipelines too orchestration engines like Azure Automation and Logic Apps, can and will cease to function without notice. 

Solution Overview 

The solution is designed to be cross tenant and requires an App Registration\SPN in the desired environment with Global Reader rights. Utilizing Azure Automation (AA) and AA resources like Variables and Credentials our runbook pulls an array of SPN’s from the environment and calculates the time until expiration before using our custom function to send the data to a Log Analytics Workspace. Finally, Azure Monitor alerts can be triggered based on a Kusto query to notify resources that there are SPN’s within the threshold for expiration. 

 

Where can I get this solution? 

The solution is documented in detail on my GitHub repo and available for consumption immediately. 
https://github.com/Cj-Scott/Get-AppRegistrationExpiration 

Exit mobile version