{"id":20306,"date":"2022-02-10T07:40:47","date_gmt":"2022-02-10T12:40:47","guid":{"rendered":"https:\/\/www.eginnovations.com\/blog\/?p=20306"},"modified":"2022-11-17T18:44:59","modified_gmt":"2022-11-17T23:44:59","slug":"azure-ad-app-client-secret-certificate-expirations-alerts","status":"publish","type":"post","link":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/","title":{"rendered":"Why You Should Monitor Azure AD App Client Secret and Certificate Expirations"},"content":{"rendered":"<div class=\"inner_content\">\n<h2>Monitoring and Alerting on Azure AD App Client Secret and Certificate Expirations<\/h2>\n<p>The <strong>Azure Active Directory (Azure AD)<\/strong> is Microsoft\u2019s cloud-based <strong>identity and access management (IAM)<\/strong> service and an <strong>identity provider (IdP).<\/strong><\/p>\n<p><strong>Azure AD<\/strong> is the backbone for authentication in <strong>Microsoft 365<\/strong> and for thousands of cloud-based <strong>SaaS applications.<\/strong><\/p>\n<p>Azure AD provides several features for your organization and one of the features is the <strong>Microsoft Identity Platform.<\/strong> This feature helps developers to build applications where users and customers can sign into the application using their Microsoft identities or social accounts and get authorized access to application APIs or Microsoft APIs like \u201cMicrosoft Graph\u201d.<\/p>\n<p>You should register your application with Azure AD to prove your Identity and access resources in both Azure and Office 365 programmatically. Infrastructure as code (IaC) and DevOps Pipeline require an App registration in Azure AD for their automation.<\/p>\n<p style=\"margin-bottom: 15px;\">When you register an Azure AD application in the <a href=\"https:\/\/portal.azure.com\/\" target=\"blank\" rel=\"noopener noreferrer\">Azure portal,<\/a> two objects are created in your Azure AD Tenant:<\/p>\n<ul>\n<li>An application objects<\/li>\n<li>A service principal object<\/li>\n<\/ul>\n<h3>Application Objects<\/h3>\n<p>An Azure AD application is identified by an application object that resides in the Azure AD tenant where the application is registered. The application object is used as a template or blueprint to create one or more service principal objects.<\/p>\n<p style=\"margin-bottom: 15px;\">The application object describes three aspects of an application:<\/p>\n<ul>\n<li>How the service can issue tokens to access the application<\/li>\n<li>Resources that the application might need to access<\/li>\n<li>The actions that the application can take<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-app-registrations-view.jpg\" data-rel=\"lightbox-image-0\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20380\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-ad-app-registrations.jpg\" alt=\"Azure AD App Registrations screen\" width=\"850\" height=\"334\" border=\"0\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 1: Azure AD App Registrations<\/div>\n<h3>Service Principal Object\/Enterprise Applications<\/h3>\n<p>An application object on its own cannot do much really. After all, it is only a definition of the application.<\/p>\n<p>This is where the Enterprise Application (Service Principal) comes into the picture. The enterprise application (service principal) object is an instance of Azure AD App registration. To access resources that are secured by an <strong>Azure AD tenant,<\/strong> the entity that requires access must be represented by a <strong>security principal.<\/strong> This requirement is true for both users <strong>(user principal)<\/strong> and applications <strong>(service principal).<\/strong><\/p>\n<p>Every Application Object created through the Azure Portal, or using the Microsoft Graph APIs, or AzureAD PS (a PowerShell) module would create a corresponding Service Principal Object in Enterprise applications as shown below and inherits certain properties from that application object:<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-enterprise-applications-view.jpg\" data-rel=\"lightbox-image-1\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20382\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-ad-enterprise-applications.jpg\" alt=\"Azure AD Enterprise Applications screen\" width=\"850\" height=\"408\" border=\"0\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 2: Azure AD Enterprise applications<\/div>\n<p style=\"margin-bottom: 15px;\">The <strong>service principal object<\/strong> defines:<\/p>\n<ul>\n<li>What the app can do (permissions) in the specific tenant<\/li>\n<li>Who can access the app (entity)<\/li>\n<li>What resources the app can access (scope).<\/li>\n<\/ul>\n<h3>Types of Permissions<\/h3>\n<p>There are hundreds of combinations of permissions that can be given to an application. You first need to choose the API you need and then select the permissions you want.<\/p>\n<p style=\"margin-bottom: 15px;\">There are two kinds of permissions you can choose:<\/p>\n<ul>\n<li>Delegated<\/li>\n<li>Application<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-permissions-view.jpg\" data-rel=\"lightbox-image-2\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20384\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-ad-permissions.jpg\" alt=\"Azure AD Permissions screen\" width=\"850\" height=\"434\" border=\"0\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 3: Permissions of an Application in Azure AD<\/div>\n<p><strong>Delegated permissions<\/strong> are used when you want to authenticate the currently logged-on user to an API or other services. This typically involves a physical user and a user interface. A delegated permission will never give the user more permissions than they already have within this AD.<\/p>\n<p><strong>Application permissions<\/strong> are used when there is no user present and are usually used for API-to-other-API calls. These are also used for background services in Infrastructure as code (IaC) workflows or DevOps Pipeline services.<\/p>\n<p>Unlike delegated permissions, application permissions, however, uses the app ID and secret or certificate to log in and always has the given permissions of the application. Application permissions always require admin consent as they can give users more permission than their own user account. These means great care should be taken around which permissions are given to an app registration that uses Application permissions.<\/p>\n<p>There is literally only one secret needed to access the application because the app ID is often publicly known. As there is no Multi-Factor Authentication (MFA) available, because this authentication is based on no user interaction, it is a recommended best practice to generate the secrets with an expiration time or rotate them on a scheduled basis by process.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-assigned-permissions-view.jpg\" data-rel=\"lightbox-image-3\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20386\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-ad-assigned-permissions.jpg\" alt=\"Assigned permissions in Azure AD application\" width=\"850\" height=\"397\" border=\"0\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 4: List of API permissions assigned to Azure AD Application<\/div>\n<p>Every service principal object has a Client ID and Client Secret\/Certificate. Every client secret has an expiration time period, and it is a best practice to set it to the lowest possible period.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-expiry-details-view.jpg\" data-rel=\"lightbox-image-4\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20388\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-ad-expiry-details.jpg\" alt=\"Expiry details of client certificates in Azure AD\" width=\"850\" height=\"398\" border=\"0\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 5: Expiry details of Client Certificates and Secrets of an Azure AD Application<\/div>\n<p>Ideally, you should proactively monitor and audit the application secret expiry limits and proactively create a new secret and update it to avoid application downtime and failures.<\/p>\n<p>There\u2019s <a href=\"https:\/\/www.reddit.com\/r\/AZURE\/comments\/ngq7si\/how_do_you_guys_monitor_app_registration_secret\/\" target=\"blank\" rel=\"noopener noreferrer\">an insightful thread on Reddit with users discussing ways<\/a> to monitor the application secret expiry and receive alerts prior to expiry. Though the Azure App registration shows the expiry status of the secret, you do not get an alert from the portal without using Azure Sentinel tool and users seem to have resorted to a variety of PowerShell, scripts, kusto queries, and similar.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20390\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-ad-expiry-monitoring.jpg\" alt=\"Azure AD expiry monitoring \" width=\"850\" height=\"196\" border=\"0\" \/><\/p>\n<h3>Besides Azure application client secret\/certificate expiry, Azure AD administrators need answers to some of the questions below:<\/h3>\n<ul>\n<li>Are any of my application client secrets\/certificates expiring soon or have expired?<\/li>\n<li>Can I get proactive alerts before an application secret\/certificate expires?<\/li>\n<li>Who has created these applications and when?<\/li>\n<li>Who is the owner for these applications?<\/li>\n<li>Do any of my applications have dangerous permissions that could allow hackers to compromise my Azure AD tenant?<\/li>\n<li>Do any of my applications have Admin Consent grants given?<\/li>\n<\/ul>\n<p>Phishing remains one of the most successful ways to infiltrate an organization. We\u2019ve seen a massive amount of malware attacks happening from users opening infected e-mail attachments or clicking links that redirect them to malicious sites and compromise vulnerable browsers or plugins.<\/p>\n<p>Nobelium (previously known as \u201cSolarigate\u201d) was the most advanced sophisticated Phishing attack in the recent years and many top fortune MNCs were affected. See <a href=\"https:\/\/threatpost.com\/solarwinds-nobelium-phishing-attack-usaid\/166531\/\" target=\"blank\" rel=\"noopener noreferrer\">here<\/a> for more details on Nobelium attack. Recently, Microsoft has removed a lot of malicious enterprise applications from Azure AD. Please click <a href=\"https:\/\/www.zdnet.com\/article\/microsoft-removed-18-azure-ad-apps-used-by-chinese-state-sponsored-hacker-group\/\" target=\"blank\" rel=\"noopener noreferrer\">here<\/a> for more details.<\/p>\n<p>These compromises demonstrate the need to continuously audit and monitor your Azure AD applications in tenants and the permissions assigned to them by process and to record that this due diligence has occurred. The risk for organizations in failing to have automated processes in place extends beyond security breaches to legal liabilities from increased regulation and compliance requirements.<\/p>\n<h2>Monitoring Azure Active Directory Application Registrations with eG Enterprise<\/h2>\n<p><a href=\"https:\/\/www.eginnovations.com\/product\" rel=\"noopener noreferrer\">eG Enterprise<\/a>\u2019s Azure Active Directory monitoring answers all of the common questions about Azure AD application client\/certificates out-of-the-box without having to write any KQL queries or implement Azure Sentinel.<\/p>\n<p>Dashboards can be accessed out-of-the-box or created with just a few clicks, without having to rely on public domain workbooks.<\/p>\n<p>Besides continually monitoring logs, metrics, and error messages, eG Enterprise also automatically performs deeper diagnostic tests, if issues exist. For example, if the client secrets or certificates are going to expire, details on those Azure AD applications are collected automatically and proactive alerts are sent to you.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-monitoring-metrics-view.jpg\" data-rel=\"lightbox-image-5\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20391\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-ad-monitoring-metrics.jpg\" alt=\"Azure AD monitoring metrics\" width=\"850\" height=\"461\" border=\"0\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 6: eG Enterprise Azure AD Registration monitoring metrics<\/div>\n<h4>Client Secrets about to Expire<\/h4>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-ad-secrets-expirations-popup.jpg\" data-rel=\"lightbox-image-6\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20393\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-ad-secrets-expirations.jpg\" alt=\"Azure AD secrets expiration screen\" width=\"850\" height=\"342\" border=\"0\" \/><\/a><\/p>\n<h4>Certificates about to Expire<\/h4>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-ad-certificates-expiration-popup.jpg\" data-rel=\"lightbox-image-7\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20395\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-ad-certificates-expiration.jpg\" alt=\"Azure AD certificates expiration\" width=\"850\" height=\"145\" border=\"0\" \/><\/a><\/p>\n<h4>Azure APP Registration Dashboard<\/h4>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-app-registration-dashboard-popup.jpg\" data-rel=\"lightbox-image-8\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20397\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-app-registration-dashboard.jpg?nosize\" alt=\"Azure APP registration dashboard\" width=\"850\" height=\"329\" border=\"0\" \/><\/a><\/p>\n<h4>A few of the best practices to follow when configuring Azure permissions are given below:<\/h4>\n<ul>\n<li>Enforce MFA on all user accounts<\/li>\n<li>Don\u2019t share accounts<\/li>\n<li>Each user should log in with their own identity so that the activity log can be properly audited<\/li>\n<li>Assign access to security groups not to individual accounts<\/li>\n<li>Don\u2019t assign access at the resource level where possible<\/li>\n<li>Assign access based on the least privilege access principle<\/li>\n<li>Avoid creating custom RBAC roles where possible<\/li>\n<li>Consider using Privileged Identity Management (PIM) for allowing temporary (just-in-time) access to resources<\/li>\n<li>Perform Access Reviews to prevent stale access assignments<\/li>\n<\/ul>\n<p>This blog post is the third one in a series covering monitoring of various aspects of Azure AD, previously I have covered: <a href=\"https:\/\/www.eginnovations.com\/blog\/what-is-azure-active-directory\/\/\" rel=\"noopener noreferrer\">An Overview of Azure Active Directory (Azure AD) &#8211; 101<\/a> and <a href=\"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/\" rel=\"noopener noreferrer\">How to monitor and audit Azure AD Users<\/a>, and <a href=\"https:\/\/www.eginnovations.com\/blog\/monitor-azure-ad-audit-logs\/\">how to monitor Azure AD audit logs<\/a>. Many of our customers use eG Enterprise to monitor Azure infrastructures, other clouds, and on-premises infrastructure and applications.<\/p>\n<p style=\"margin-bottom: 15px;\">Please see the links below for relevant information:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/azure-monitoring\" rel=\"noopener noreferrer\">Azure Monitoring<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/azure-virtual-desktop-monitoring-avd\" rel=\"noopener noreferrer\">Azure AVD (Azure Virtual Desktops) Monitoring<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/microsoft-monitoring\" rel=\"noopener noreferrer\">Microsoft Monitoring: One-Stop Shop for Everything Microsoft<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/product\/technologies\" rel=\"noopener noreferrer\">Other technologies supported by eG Enterprise<\/a><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Monitoring and Alerting on Azure AD App Client Secret and Certificate Expirations The Azure Active Directory (Azure AD) is Microsoft\u2019s cloud-based identity and access management (IAM) service and an identity provider (IdP). Azure AD is the backbone for authentication in Microsoft 365 and for thousands of cloud-based SaaS applications. Azure AD provides several features for [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":20473,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[404,369],"tags":[560,558,819,572,415],"class_list":["post-20306","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure-monitoring","category-cloud-monitoring","tag-azure-active-directory","tag-azure-ad","tag-azure-ad-avd","tag-azure-ad-monitoring","tag-azure-monitoring"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Azure AD Application Registration Monitoring Tips<\/title>\n<meta name=\"description\" content=\"Azure AD monitoring is a key component of any Azure deployment. Learn these tips and strategies for managing Azure AD application registration.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure AD Monitoring Tips &amp; Strategies | eG Innovations\" \/>\n<meta property=\"og:description\" content=\"Azure AD helps developers build applications where users and customers can easily access accounts or gain access to applications and APIs. Learn these tips and strategies to managing Azure AD systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/\" \/>\n<meta property=\"og:site_name\" content=\"eG Innovations\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/eGInnovations\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-10T12:40:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-17T23:44:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-tips-Social-Image.jpg\" \/>\n<meta name=\"author\" content=\"Babu Sundaram\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Azure AD Monitoring Tips &amp; Strategies | eG Innovations\" \/>\n<meta name=\"twitter:description\" content=\"Azure AD helps developers build applications where users and customers can easily access accounts or gain access to applications and APIs. Learn these tips and strategies to managing Azure AD systems.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-tips-Social-Image.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/virtualinfra76?lang=en\" \/>\n<meta name=\"twitter:site\" content=\"@eginnovations\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Babu Sundaram\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure AD Application Registration Monitoring Tips","description":"Azure AD monitoring is a key component of any Azure deployment. Learn these tips and strategies for managing Azure AD application registration.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/","og_locale":"en_US","og_type":"article","og_title":"Azure AD Monitoring Tips & Strategies | eG Innovations","og_description":"Azure AD helps developers build applications where users and customers can easily access accounts or gain access to applications and APIs. Learn these tips and strategies to managing Azure AD systems.","og_url":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/","og_site_name":"eG Innovations","article_publisher":"https:\/\/www.facebook.com\/eGInnovations","article_published_time":"2022-02-10T12:40:47+00:00","article_modified_time":"2022-11-17T23:44:59+00:00","og_image":[{"url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-tips-Social-Image.jpg","type":"","width":"","height":""}],"author":"Babu Sundaram","twitter_card":"summary_large_image","twitter_title":"Azure AD Monitoring Tips & Strategies | eG Innovations","twitter_description":"Azure AD helps developers build applications where users and customers can easily access accounts or gain access to applications and APIs. Learn these tips and strategies to managing Azure AD systems.","twitter_image":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-tips-Social-Image.jpg","twitter_creator":"@https:\/\/twitter.com\/virtualinfra76?lang=en","twitter_site":"@eginnovations","twitter_misc":{"Written by":"Babu Sundaram","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/#article","isPartOf":{"@id":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/"},"author":{"name":"Babu Sundaram","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/5f7590f77be55ecf13f1b8d915ac39df"},"headline":"Why You Should Monitor Azure AD App Client Secret and Certificate Expirations","datePublished":"2022-02-10T12:40:47+00:00","dateModified":"2022-11-17T23:44:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/"},"wordCount":1383,"commentCount":0,"publisher":{"@id":"https:\/\/www.eginnovations.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-tips-thumbanil.jpg","keywords":["Azure Active Directory","Azure AD","Azure ad avd","Azure AD Monitoring","Azure Monitoring"],"articleSection":["Azure Monitoring","Cloud Monitoring"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/","url":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/","name":"Azure AD Application Registration Monitoring Tips","isPartOf":{"@id":"https:\/\/www.eginnovations.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/#primaryimage"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-tips-thumbanil.jpg","datePublished":"2022-02-10T12:40:47+00:00","dateModified":"2022-11-17T23:44:59+00:00","description":"Azure AD monitoring is a key component of any Azure deployment. Learn these tips and strategies for managing Azure AD application registration.","breadcrumb":{"@id":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/#primaryimage","url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-tips-thumbanil.jpg","contentUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-tips-thumbanil.jpg","width":362,"height":235},{"@type":"BreadcrumbList","@id":"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.eginnovations.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Why You Should Monitor Azure AD App Client Secret and Certificate Expirations"}]},{"@type":"WebSite","@id":"https:\/\/www.eginnovations.com\/blog\/#website","url":"https:\/\/www.eginnovations.com\/blog\/","name":"eG Innovations","description":"IT Performance Monitoring Insights","publisher":{"@id":"https:\/\/www.eginnovations.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.eginnovations.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.eginnovations.com\/blog\/#organization","name":"eG Innovations","alternateName":"eg innovations","url":"https:\/\/www.eginnovations.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2014\/07\/eg-logo-dark-gray1_new.jpg","contentUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2014\/07\/eg-logo-dark-gray1_new.jpg","width":362,"height":235,"caption":"eG Innovations"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/eGInnovations","https:\/\/x.com\/eginnovations"]},{"@type":"Person","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/5f7590f77be55ecf13f1b8d915ac39df","name":"Babu Sundaram","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d28fef01834f3b388d7d825216013937?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d28fef01834f3b388d7d825216013937?s=96&d=mm&r=g","caption":"Babu Sundaram"},"sameAs":["https:\/\/x.com\/https:\/\/twitter.com\/virtualinfra76?lang=en"],"url":"https:\/\/www.eginnovations.com\/blog\/author\/babusundaram\/"}]}},"modified_by":"HawkSEM eG","_links":{"self":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts\/20306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/comments?post=20306"}],"version-history":[{"count":0,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts\/20306\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/media\/20473"}],"wp:attachment":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/media?parent=20306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/categories?post=20306"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/tags?post=20306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}