This article will explain how to build an automation account to monitor your Azure App Certificates and to notify you before expiration.
Prepare the Certificates
Step 1: Create Self-Signed Certificate
- Open PowerShell window as administrator
- Run the following command:

```powershell
New-SelfSignedCertificate -Subject 'CN=AzureAppCertsChecker' -KeyLength 2048 -KeyUsageProperty All -KeyAlgorithm 'RSA' -HashAlgorithm 'SHA256' -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -NotAfter (Get-Date).AddYears(10)
```
- Export the certificate from your computer using MMC
- The certificate is in the Personal store; export it twice, once with the private key and once without
Create the App
Azure App Registration Steps
- Go to Azure App registrations
- Click on New registration, give a name to the application, and click on Register
- Click on the app you just created and click on Certificates & secrets
- Click on Certificates and then on Upload certificate
- Choose the certificate without the private key you exported
- Click on API permissions
- Click on Add a permission
- Click on Microsoft Graph and on Application permissions
- Search for mail and, under the Mail section, check all five permissions
- Search for application and check Application.Read.All
- Click on Add permissions
- Click on Grant admin consent for…
- Click on Overview and copy the Application (client) ID and Directory (tenant) ID
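The expiry check that the automation account runs, as an added example rather than the article's own code. It assumes the Microsoft.Graph PowerShell module, the certificate exported with its private key installed in the local machine store, placeholder tenant/client IDs and mailbox addresses, and that of the permissions granted above only Application.Read.All and Mail.Send are exercised.

```powershell
# Added example, not the article's code. Placeholders must be replaced with the
# values copied from the app's Overview page and with a real sender/recipient mailbox.
param(
    [string]$TenantId      = '<DIRECTORY-TENANT-ID>',      # placeholder
    [string]$ClientId      = '<APPLICATION-CLIENT-ID>',    # placeholder
    [string]$CertSubject   = 'CN=AzureAppCertsChecker',    # subject from Step 1
    [string]$SenderMailbox = 'alerts@example.com',         # placeholder, sends the mail
    [string]$Recipient     = 'secops@example.com',         # placeholder, receives the mail
    [int]$WarnDays         = 30                            # alert this many days before expiry
)

# Locate the checker certificate (the copy WITH the private key) and sign in as the app.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $CertSubject -and $_.HasPrivateKey } | Select-Object -First 1
if (-not $cert) { throw "Certificate '$CertSubject' with private key not found." }
Connect-MgGraph -TenantId $TenantId -ClientId $ClientId -CertificateThumbprint $cert.Thumbprint -NoWelcome

$now = (Get-Date).ToUniversalTime()
$findings = foreach ($app in Get-MgApplication -All -Property DisplayName,AppId,KeyCredentials,PasswordCredentials) {
    # Certificates (KeyCredentials) and client secrets (PasswordCredentials) both expire; report either kind.
    $creds = @($app.KeyCredentials      | ForEach-Object { [pscustomobject]@{ Kind='Certificate'; Name=$_.DisplayName; End=$_.EndDateTime } }) +
             @($app.PasswordCredentials | ForEach-Object { [pscustomobject]@{ Kind='Secret';      Name=$_.DisplayName; End=$_.EndDateTime } })
    foreach ($c in $creds) {
        $daysLeft = [math]::Floor(($c.End - $now).TotalDays)   # negative means already expired
        if ($daysLeft -le $WarnDays) {
            [pscustomobject]@{ App=$app.DisplayName; AppId=$app.AppId; Kind=$c.Kind; Name=$c.Name; Expires=$c.End; DaysLeft=$daysLeft }
        }
    }
}

if ($findings) {
    # Build one HTML table, soonest expiry first, and send it through Graph as the sender mailbox.
    $rows = $findings | Sort-Object DaysLeft | ForEach-Object {
        "<tr><td>$($_.App)</td><td>$($_.Kind)</td><td>$($_.Name)</td><td>$($_.Expires.ToString('u'))</td><td>$($_.DaysLeft)</td></tr>"
    }
    $html = "<p>App credentials expiring within $WarnDays days (or already expired):</p>" +
            "<table border='1'><tr><th>App</th><th>Kind</th><th>Name</th><th>Expires (UTC)</th><th>Days left</th></tr>$($rows -join '')</table>"
    $mail = @{
        Message = @{
            Subject      = "Azure app credential expiry: $(@($findings).Count) item(s)"
            Body         = @{ ContentType = 'HTML'; Content = $html }
            ToRecipients = @(@{ EmailAddress = @{ Address = $Recipient } })
        }
        SaveToSentItems = $false
    }
    Send-MgUserMail -UserId $SenderMailbox -BodyParameter $mail
}
Disconnect-MgGraph | Out-Null
```

If this script is the only consumer of the app registration, the Mail permissions can be reduced to Mail.Send, since the script only reads applications and sends one message.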
Conclusion
You've successfully set up an automated monitoring system for your Azure App certificates. This solution will help you stay ahead of certificate expirations and maintain the security of your Azure applications.