(UPDATED) Get Automatic Notifications on Expiring Azure AD secrets using Logic apps and Graph API

  • Published: 20 Oct 2024
  • azure logic apps,azure client secret expiry notification,how to get client secret expiry date using the azure ad graph api,logic apps azure,azure app registration secret expiration powershell,azure,azure app registration client secret expiry,microsoft graph api client secret expiration,azure app registration client secret expired,azure app registration client secret,read secrets from keyvault in logic app,logic apps vs power automate.
    Two Conditions:
    addToTime(utcNow(),2,'Year')
    items('For_each_passwordCredential')?['EndDateTime']
    Get Token Details:
    Host URL: login.microsof...{tenantId}/oauth2/v2.0/token
    Content-Type: application/x-www-form-urlencoded
    Body:
    tenant=YourtenantId&client_id=YourClientID&client_secret=YourClientSecret&grant_type=client_credentials&scope=graph.microsof...
    Get Application Graph API endpoint
    graph.microsof...
    Documentation: learn.microsof...
    Link to the code Repo: github.com/Pro...

Comments • 24

  • @microsoftgraphExplorer  5 months ago +1

    Link to the code Repo:
    github.com/ProgrammingWithDJ/LogicAppExpiringSecrets/tree/13d22113c8a79956f107a7ae03460902bf232c23

  • @saqib6256 5 months ago +1

    @MicrosoftGraphExplorer, how about monitoring only 3 reg applications out of thousands? As I just want to set it for only 3 specific reg applications.

    • @microsoftgraphExplorer  5 months ago

      Use three HTTP requests and use the appId of those three apps that you want instead of the get-all call.

  • @mayhewwilroy2368 4 months ago +1

    Great video. I did run into one issue on the Foreach step. When I go to select the previous output from the Parse Graph Call, the only selection I have is "Body required", of which there are two; I don't have "Body Value". I recreated the previous 2 steps in case I made a typo, but that doesn't seem to be the issue, and I was able to run a test successfully previously. Any ideas?

    • @microsoftgraphExplorer  4 months ago

      Can you check the code and compare it with the code in the pinned comment? I'm glad that it helped you though. Happy to see that. Please subscribe if it helped in some way. Thank you.

    • @mayhewwilroy2368 4 months ago +1

      So it looks like your code says "content": "@body('Get_Applications')" whereas mine says "content": "@body('Call_Graph_API')".

    • @microsoftgraphExplorer  4 months ago

      @mayhewwilroy2368 Yeah, it depends on what you name your attributes there.

    • @mayhewwilroy2368 4 months ago

      @microsoftgraphExplorer I am actually still having this issue: when I create the Foreach loop and try to select "Body Value", the only option I have is "Body Required", but when running the code to test, the JSON step before clearly has a body with info from the Registered Apps as expected. I'm wondering what else I may be missing? Thanks, I think I saw someone else mention the same issue.

    • @frankmorone1103 11 days ago

      @mayhewwilroy2368 Any luck with this problem? I'm also stuck at this point.

  • @MohammadSaqib-vv6kp 5 months ago +1

    @microsoftGraphExplorer, I have more than 10K registered applications in the tenant. How do I get details of all of them? Can enabling Pagination on the HTTP action that queries for the App Registrations help? (It's found in the settings of the action, via the three dots.) Also, it gives wrong info where no secret is used for an app (reg app without a secret). Also, how do I fix the issue where it stops when a reg application is without a secret?
    Also, how do I send email to application owners (more than one)?

    • @microsoftgraphExplorer  5 months ago

      Yes, use a Do Until loop and use the OData next link to do pagination in Graph API. Then for app registrations which use secrets, create a separate condition for it, and if it's empty then just ignore it or do something in the else condition. Same with certificates.

  • @RobMoussa 4 months ago +1

    @microsoftgraphExplorer I hope you can assist me. I'm having an issue when getting to the first For Each: I don't see the Body Value from the previous expression, but if I do use the insert expression I'm getting this error:
    ExpressionEvaluationFailed
    The execution of template action 'For_each' failed: the result of the evaluation of 'foreach' expression '@body('Parse_Graph_Call')?['properties']?['value']' is of type 'Null'. The result must be a valid array.

    • @mayhewwilroy2368 4 months ago

      I also got this, were you able to resolve it? I thought it might be the sample payload, because the Parse Graph Call to the JSON before the Foreach seems to have all properties needed.

    • @RobMoussa 4 months ago

      @UCCl2dSkmGihH0Uf8N4LOxXg no, still waiting if @microsoftgraphExplorer could reply to us

    • @Sammyi 2 months ago

      Happened to me as well, do share if you find something

    • @Sammyi 2 months ago

      Figured it out using ChatGPT, giving it the whole code and the error as well.

  • @lovelyjoyorola6422 3 months ago

    Hello. Where can I get the schema that I will be using in the Parse JSON?

    • @microsoftgraphExplorer  3 months ago

      @lovelyjoyorola6422 Hey, you can copy the code from the GitHub repo in the pinned comment. Thank you.

  • @ArjunArjun-eb2ff 5 months ago +1

    It would be great if we had a video on how to use odata next to check 1000’s of app secrets' expiry.

  • @Staa31 5 months ago

    Small query: this will work for all the app registrations' client secrets, right? Or how do I make this work for multiple app registrations? If there are multiple app registrations in my environment, I'm looking to set it up for all of them.

    • @microsoftgraphExplorer  5 months ago +1

      Yes this will work for all the app registrations in the tenant. In addition to the for each loop you will also need a do until loop and do pagination to traverse all the data from graph api odata next link
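
The pagination and empty-secret handling described in the replies above (the Do Until loop over the OData next link, and skipping app registrations that have no secret), sketched outside Logic Apps as an added example that is not from the video or its repository. The page contents, app names and the `fetch` callable are constructed stand-ins for the HTTP action, so it runs offline.

```python
from datetime import datetime, timedelta, timezone

# Constructed pages shaped like Graph GET /applications responses; keys stand in for URLs.
PAGES = {
    "page1": {
        "@odata.nextLink": "page2",
        "value": [
            {"appId": "app-a", "displayName": "Billing API", "passwordCredentials": [
                {"keyId": "k1", "endDateTime": "2024-11-05T00:00:00Z"}]},
            {"appId": "app-b", "displayName": "No secret app", "passwordCredentials": []},
        ],
    },
    "page2": {
        "value": [
            {"appId": "app-c", "displayName": "Reporting", "passwordCredentials": [
                {"keyId": "k2", "endDateTime": "2027-01-01T00:00:00Z"},
                {"keyId": "k3", "endDateTime": "2024-10-01T00:00:00.1234567Z"}]},
        ],
    },
}

def parse_graph_time(text):
    """Parse a Graph timestamp; fractional seconds can have 7 digits, so trim them."""
    head = text.rstrip("Z").split(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def iter_applications(fetch, first_url):
    """Yield every application, following @odata.nextLink until it is absent."""
    url = first_url
    while url:
        page = fetch(url)
        # Items are in the top-level "value" array of each page.
        yield from page.get("value") or []
        url = page.get("@odata.nextLink")

def expiring_secrets(fetch, first_url, now, days):
    """Return (appId, keyId, endDateTime) for secrets ending on or before now + days."""
    cutoff = now + timedelta(days=days)
    hits = []
    for app in iter_applications(fetch, first_url):
        # Apps without secrets have an empty list (or no key): the loop just skips them.
        for cred in app.get("passwordCredentials") or []:
            end = cred.get("endDateTime")
            if end and parse_graph_time(end) <= cutoff:
                hits.append((app["appId"], cred["keyId"], end))
    return hits

if __name__ == "__main__":
    print(expiring_secrets(PAGES.__getitem__, "page1", datetime(2024, 10, 20, tzinfo=timezone.utc), 30))
```

Already-expired secrets are reported too, since their end date is also before the cutoff.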

  • @kiranp695 5 months ago

    Hi, please can you let us know the reason for using an access token instead of the client secret method used in the earlier video?

    • @microsoftgraphExplorer  5 months ago

      It is just for convenience. The access token step uses the same client secret method. Both steps are the same; in this case I have just treated it as a separate step. You can use either way.