I was looking for a way to get notified before an Azure AD app key/credential expires. The link shows the script to list the details of the account and the expiration date. Is it possible to somehow automate this using Azure-native apps such as Logic Apps or Azure Monitor to notify via email/SMS one week before expiration?
1 Answer
In my personal opinion, I recommend you to use Azure automation runbook to do that.
1. Create an automation account (you need to create a Run As account) and a runbook (PowerShell type).
2. Navigate to the automation account in the portal -> Modules -> Browse Gallery -> import the AzureAD module.
3. Follow this link to assign a directory role to the service principal generated by the Run As account (I am not sure which role will be enough for Get-AzureADApplication, you could try the Global Administrator directly).
4. In your runbook, use the script as below to log in with the service principal. Then run the sample in your question to get the expiry date, write some if/else statements to compare it with the current time and judge, then use Send-MailMessage to send a mail message. Then save and publish your runbook.
    $connectionName = "AzureRunAsConnection"
    try
    {
        # Get the connection "AzureRunAsConnection"
        $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName

        "Logging in to Azure..."
        Connect-AzureAD `
            -TenantId $servicePrincipalConnection.TenantId `
            -ApplicationId $servicePrincipalConnection.ApplicationId `
            -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
    }
    catch {
        if (!$servicePrincipalConnection)
        {
            $ErrorMessage = "Connection $connectionName not found."
            throw $ErrorMessage
        } else {
            Write-Error -Message $_.Exception
            throw $_.Exception
        }
    }
5.Navigate to the runbook in the portal -> Schedules -> create and link a recurrence schedule to your runbook, maybe every hour or every day, details depend on you.
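The check-and-notify part of step 4, as an added example that is not part of the answer above. It assumes the AzureAD module is imported and the Run As login shown above has already run in the same runbook; the SMTP server, addresses and the `SmtpCredential` asset name are placeholders.

```powershell
# Added example: report app secrets/certificates expiring within 7 days.
$DaysAhead = 7
$Now       = Get-Date
$Threshold = $Now.AddDays($DaysAhead)
$Expiring  = @()

# Enumerate every app registration; both client secrets (PasswordCredentials)
# and certificates (KeyCredentials) expose an EndDate.
foreach ($app in Get-AzureADApplication -All $true) {
    $creds = @()
    foreach ($p in $app.PasswordCredentials) { $creds += [pscustomobject]@{ Type = 'Secret';      EndDate = $p.EndDate } }
    foreach ($k in $app.KeyCredentials)      { $creds += [pscustomobject]@{ Type = 'Certificate'; EndDate = $k.EndDate } }

    foreach ($c in $creds) {
        # Flag credentials inside the window; already-expired ones are included too,
        # since they are the ones most likely to be breaking a workload right now.
        if ($c.EndDate -and $c.EndDate -le $Threshold) {
            $Expiring += [pscustomobject]@{
                DisplayName = $app.DisplayName
                AppId       = $app.AppId
                Type        = $c.Type
                EndDate     = $c.EndDate
                DaysLeft    = [math]::Floor(($c.EndDate - $Now).TotalDays)
            }
        }
    }
}

if ($Expiring.Count -eq 0) {
    Write-Output "No app credentials expire within $DaysAhead days."
    return
}

$Body = $Expiring | Sort-Object EndDate | Format-Table -AutoSize | Out-String
Write-Output $Body

# Placeholder mail settings. Keep the SMTP password in an Automation credential
# asset (here assumed to be named 'SmtpCredential') instead of in the script.
$Smtp = Get-AutomationPSCredential -Name 'SmtpCredential'
Send-MailMessage -SmtpServer 'smtp.example.com' -Port 587 -UseSsl `
    -Credential $Smtp `
    -From 'automation@example.com' -To 'secops@example.com' `
    -Subject "$($Expiring.Count) Azure AD app credential(s) expiring within $DaysAhead days" `
    -Body $Body
```

The runbook's job output shows the same table that is mailed, so a schedule run can be checked from the portal even when mail delivery fails.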