Microsoft Entra ID Application Secret Expiration Notification

Microsoft Entra ID is a cloud-based identity and access management service. It offers features like single sign-on (SSO), multifactor authentication, and automated user provisioning to enhance organizational security. 

 

In my last blog, I used Microsoft Graph API to get a Microsoft Entra ID application. Now, we are trying to extend the functionality to get the application expiry date so that we can send the notification to the application owner before it expires. 

Send alert on Microsoft Entra ID application secret expiry

DateTime currentDate = DateTime.Now;
TimeSpan duration = new TimeSpan(7, 0, 0, 0); // 7 days
DateTime resultDate = currentDate.Add(duration);
var result = await _graphServiceClient.Applications.Request().GetAsync();
var appList=new List<Models.Application>();
foreach(var app in result.CurrentPage)
{
      var isToBeExpired= app.PasswordCredentials.Where(e => e.EndDateTime <= resultDate).Count()>0?true:false;
        appList.Add(new Models.Application
        {
            Id = app.Id,
            ApplicationId = app.AppId,
            ApplicationName = app.DisplayName,
            SecretToBeExpired=isToBeExpired,
            Owner = app.Owners.FirstOrDefault().ToString()
        });
    if (isToBeExpired)
    {
        //send email to owner
    }
}

The above function will get the client's secret end date time. It checks for each application's client secret to be expired within 7 days anpreparesre the list; we can add one more function to send an email as a notification to the application owner.