Monitoring Azure AD Client Secrets going forward
At this point we are already receiving information about which Azure AD app client secrets are due to expire. What remains is to notify the users who can renew those secrets before they lapse.
An Azure Logic App is a good fit for this. We use it because Logic Apps ships with a collection of built-in connectors that can talk to Microsoft Outlook and deliver an email notification to the owner of each secret.
Create Azure Logic App
- Login to Azure Portal
- Search for Azure Logic App
- Enter the Logic App Name and appropriate Region
- Choose the Consumption Type Plan
- Select the same Resource Group that the Azure Function was created in.
- Go to Logic App Designer
Azure Logic App Triggers
Triggers drive a Logic App workflow: a trigger fires when a particular event occurs or when newly available data satisfies a predefined condition. Every time the trigger fires, the Logic App engine creates a new instance of the Logic App, which runs the actions as a workflow. Which trigger you use depends on the particular use case.
- Create an HTTP trigger so the workflow sends the notice whenever data is posted to its API endpoint, that is, whenever an HTTP request is received.
- Choose the POST method. You can also add a custom endpoint name as a path parameter.
- To make the data easier to read, format the incoming JSON into a table with the Create HTML table action.
- In the From column, search Dynamic content and add the Body parameter, which indicates that the content comes from the body of the HTTP request.
Azure Logic App Connectors
Using built-in connectors, Azure makes it easy to communicate with external applications so that operations and workflows can be automated. For our use case we automate sending the emails with the Office 365 Outlook connector.
- Add another step and search for Outlook connector.
- To use this connector you must sign in to the Outlook account from which the alert emails will be sent.
- After signing in, from the Actions tab select ‘Send an email’ option.
- Compose the email. Now add dynamic content to the Body so that the expiring secrets are displayed: from Dynamic content, select the Output of the Create HTML table step, so the data is inserted as the table we built earlier.
- The logic app’s flow is now complete. Any incoming HTTP call that contains the secrets will email the corresponding owner. This is how a demo run might look.
- The email received has the following format.
- To find the history of all the times that the Logic App ran, go to the Overview Tab.
We are now keeping watch on the client secrets that are about to expire, and depending on the situation and the available budget, we can schedule the Azure Function to run periodically.
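As an added example (not code from the original post), here is what the caller side of the HTTP trigger can look like: the Azure Function that finds the expiring secrets and POSTs them as a flat JSON array, the shape the Create HTML table action expects in the request Body. The sample applications are constructed, modelled on the Microsoft Graph /applications response (displayName, appId, passwordCredentials[].endDateTime); the `owner` field and the trigger URL are assumptions standing in for the owners lookup and the URL the designer shows for the trigger.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib import request

# Constructed sample data shaped like a Microsoft Graph /applications response.
# "owner" is an assumption standing in for a separate owners lookup. Not real tenant data.
SAMPLE_APPS = [
    {"displayName": "payroll-api", "appId": "00000000-0000-0000-0000-000000000001",
     "owner": "alice@example.com", "passwordCredentials": [
         {"displayName": "prod", "endDateTime": "2024-06-10T00:00:00Z"},
         {"displayName": "rotated", "endDateTime": "2025-01-01T00:00:00Z"}]},
    {"displayName": "hr-sync", "appId": "00000000-0000-0000-0000-000000000002",
     "owner": "bob@example.com", "passwordCredentials": [
         {"displayName": "legacy", "endDateTime": "2024-05-20T00:00:00Z"}]},
    {"displayName": "reporting", "appId": "00000000-0000-0000-0000-000000000003",
     "owner": "carol@example.com", "passwordCredentials": [
         {"displayName": "prod", "endDateTime": "2024-12-01T00:00:00Z"}]},
]


def find_expiring_secrets(apps, now, threshold_days=30):
    """One row per client secret that expires within threshold_days or has already expired.
    Rows are flat key/value objects so the Logic App's Create HTML table action can
    render them straight from the request Body; most urgent secrets come first."""
    cutoff = now + timedelta(days=threshold_days)
    rows = []
    for app in apps:
        for cred in app.get("passwordCredentials", []):
            end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
            if end <= cutoff:
                rows.append({
                    "Application": app["displayName"],
                    "AppId": app["appId"],
                    "Secret": cred.get("displayName", ""),
                    "ExpiresOn": end.strftime("%Y-%m-%d"),
                    "DaysLeft": (end - now).days,  # negative when already expired
                    "Owner": app.get("owner", ""),
                })
    return sorted(rows, key=lambda r: r["ExpiresOn"])


def expiring_from_sample(now_iso="2024-06-01T00:00:00Z", threshold_days=30):
    """Run the check over the constructed sample at a fixed 'now' (for demos and tests)."""
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    return find_expiring_secrets(SAMPLE_APPS, now, threshold_days)


def post_to_logic_app(trigger_url, rows):
    """POST the rows as a JSON array to the 'When an HTTP request is received' trigger URL."""
    req = request.Request(trigger_url, data=json.dumps(rows).encode(),
                          headers={"Content-Type": "application/json"}, method="POST")
    with request.urlopen(req) as resp:
        return resp.status


if __name__ == "__main__":
    print(json.dumps(expiring_from_sample(), indent=2))
```

Keep the trigger URL out of source control: it carries the SAS signature that authorizes calls to the workflow, so treat it like a credential (Key Vault or app settings) and check the run history on the Overview tab for posts you did not expect.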