Це відео не доступне.
Перепрошуємо.
Get Automatic Notifications on Expiring Azure App Registration Client Secrets with Logic Apps
Вставка
- Опубліковано 6 сер 2024
- microsoft graph api in power automate,power automate series,graph api in power automate,registration,graph api for beginners,client credentials,registering the app in azure,graph api series,graph api tutorial,power automate for beginners,power platform series,application,power automate,pragmatic works devin knight,power automate example,power platform for beginners,power platform example,graphapi,power platform tutorial,power automate tutorial,devin knight
Azure
App Registration
Client Secret
Expiring
Notifications
Automatic
Cloud Computing
Microsoft Azure
Developer Tools
Cloud Services
Part Two is here the updated tutorial ua-cam.com/video/vjPihv2CnwA/v-deo.html
Hello everyone. It appears that Microsoft have changed something on logic apps due to which some dynamic variables are not available, please let me know if you would like me to do a same video again with latest values.
Yes please, I would love an updated tutorial as I am trying to roll this out as we speak. Thank you so much in advance.
Yes. please provide some guidance on the changes so my dynamic variables can be showing on the notification email.
Hi is the new video out yet ?
Yes please, I would love an updated tutorial
Me too!!
Thank you for the video but OMG MICROSOFT... email notifications for action items is so basic...
This was quite helpful, Would love an updated tutorial 😊😊
Part Two is here the updated tutorial ua-cam.com/video/vjPihv2CnwA/v-deo.html
Hi @Graph Explorer. Can we send those expired secrets to the owner of the application? And what is the purpose of adding on false condition?🙂
Hi. Can we send those expired secrets to the owner of the application?
I used this and absolutely love this solution. I was curious if we could do one for Enterprise Apps that have App Proxy configured with SSL certs. I am finding this a big demand for us.
Thank for your positive comments. This motivates me to bring similar contents for our community. Keep working 💪
@microsoftGraphExplorer, I have more than 10 K registered application in Tenant, How to get details of all? Does enable Pagination on the HTTP action that queries for the App Registrations. (It’s found in the settings of the action, via the three dots) can help, also it gives wrong info where no secret not used for app (Reg App W/O Secret), also How to fix issue where as it stop when reg application is W/O secret ?
Also How to send email to application owners (more than one).
How we can do Azure SAML Certificate Expiry alert notification
If you can create Repo for this should be good thanks and nice tutorials
Repo can be found here in description
Can you help to create a video on how to get enterprise apps certificate expiration dates. Appreciate your help
Covered in the new video
Hi does this call includes all applications and can you explain one for certificate as well?
I have explained about certificates in this video Part Two is here the updated tutorial ua-cam.com/video/vjPihv2CnwA/v-deo.html
Hi. I am not getting endDateTime when I chose my condition even though it's parsing the JSON correctly. All I see when I choose Items is "endsWith." Any suggestions? Thanks!
Your password credential array must be empty, I would recommend you to test with only one app first and validate if everything works as expected, You can use filter to test with one app, top=1 or displayname = yourAppName.
To be able to programmatically deploy this would be clutch.
You can use Azure function to implement this using the code
Thanks for the video. I see some other comments mentioned about same thing and it is not very clear. I'm also stuck on Parse JSON step, since there are some app registrations with no secrets or certificate password credential coming up empty for those. And Parse JSON step errors out and can't move forward.
I see that you mentioned "Just put an additional condition to check if the array is empty, if empty then skip that iteration" below comment but can you please clarify and give details on this how to proceed?
Actually it was easy solution. Sharing for people having the same issue. I edited the schema in Parse JSON. Under "passwordCredentials", changed "type": ["string"] to "type": ["string","null"]
@@tunckeskin1151 I'm having the same issue, but my schema passwordCredentials is "type": "array" - trying ["array","null"] or ["string","null"] still returns the same issue. I think this method they're showing is way too subject to error depending on the application registrations people use. I found another video that doesn't rely on loops and uses XML/xpath to parse all the data, much more seamless and effective.
Updated tutorial here ua-cam.com/video/vjPihv2CnwA/v-deo.html
@@tunckeskin1151 where you get the schema for parse json
Hello Sir Good Explained. I have question, How can we exclude app proxy application from list of apps so that secret expiration mail will not send to app proxy applications.
Thank you in Advance.
Write a if condition to exclude a specific appid
Hi @Graph Explorer, The dynamic values are not showing in the email notifications. Any idea on what may be causing this issue?
Part Two is here the updated tutorial ua-cam.com/video/vjPihv2CnwA/v-deo.html
Question: I don't get the endatetime value to enter in subject of mail.
Do I need to add anything under json.
I'm not well verse with postman so did not go through postman steps.
Your password credential array must be empty, I would recommend you to test with only one app first and validate if everything works as expected, You can use filter to test with one app, top=1 or displayname = yourAppName.
Is there any similar way to get the alert configured for certificate expiration dates of sso apps (enterprise apps) ??
@@mdyaser2967 /applications gets you all applications including the Enterprise applications
Hello, Do we hae any option to generate report of the certificate going to expire in 30days
Absolutely you can customize the logic to give such reports.
You can put same script in PowerShell and then use export cmdet from PowerShell to save those records
Can this work also for SPN/Certificates expiring.
Yes
Thanks a lot Sir for this video!!
I am using Microsoft free account. While authentication its throwing me an error saying only work or school accounts are supported. Can we create work/school account for free?
Tanks for motivation Ankit, Yes you can join it here developer.microsoft.com/en-us/microsoft-365/dev-program Do subscribed the channel if I helped you in any way.
Hi Graph Explorer, I can't seems to get the end DateTime in the email, App name and the location work are all displayed in the email.
Updated tutorial here ua-cam.com/video/vjPihv2CnwA/v-deo.html
Hi. Can I change the recipient in sending the email? Because in our tenant there are multiple users who are using it. And can I also change the sender because as I can see, the recipient will see that the email is from me? Can I use Microsoft Azure as the sender or Microsoft?
Yes You can use a DL in that case.
@@microsoftgraphExplorer may I know what is DL. I am new to this platform, bear with me :)
@@user-jr4kn9cl4c I am sorry Joy. A DL is like a Group also known as distribution group which has a common mail address, so once you send an email to that email address, all the recipient get that mail.
@@microsoftgraphExplorer Hi. I'm getting another for each loop when I add a set variable for displayName and passwordCredential. Can you help me with this
I followed your steps and it is working fine, however, I did top 3 in the query and it sent mail on only one app, but sent it 3 times. Was there something wrong in the loop?
oh I see, it sent mail about the already expired old secrets. I will have to add condition to skip those
Hi Briyan, Please help with the query to get all the expired & about to expiry secrets.
This seems subject to a lot of room for error judging by the comments and my issues as well, due to the JSON parsing step. For example, when setting variables in the foreach loop, there're multiple issues here in the comment section where variables aren't available from dynamic content, even though the data is in the output - I can't set passwordCredentials even though it returned in the JSON output, same with endDate, it's not showing up even though it output.
Updated tutorial here ua-cam.com/video/vjPihv2CnwA/v-deo.html
I insert this expression item()?['endDateTime']
@@dimmnutbutter1403 have a look at the part 2 that I created to solve all the doubts ua-cam.com/video/vjPihv2CnwA/v-deo.htmlsi=TQSHl8tYEYHqaSEt
very useful video can we do with in one email
Yes, in that case you will have to remove the email logic and put it in the end.
@@microsoftgraphExplorer if you have time can we connect for 10 mins
@@microsoftgraphExplorercan you share your expertise on getting the complete expiry details in single email please sir
Nice video, good explenation.
Next time, please stop eating candy or whatever you where doing... those smacking (like in 9:40 - 9:50) sounds making me cringe to the point of not wanting to watch it but had to because i wanted to know how. (just a friendly advice)
Thank you sir, Your feedback noted, I appreciate your feedback. Won't happen again. Glad to know that the video helped you in some way.
Hi , I should say it is nice video ! I have a 3 application & i want to get expired information at the same for 3 application secret . Is it Possible ? Can you help me out please
Yes it is possible, in this example I have more than 20 Applications and it is notifying me about all 20 apps who's secrets are expireing. Please subscribe to my channel if you find it useful. Its motivating that it helped you.
The list Applications endpoint list all the applications in the tenant,
@@microsoftgraphExplorer But how to fix it ? because according to your video we can create one application at the same time
Please can you help me out
its like emergency for me
@@travel-pagol5724 Can you please let me know your end goal so I can suggest you the most appropriately.
@@microsoftgraphExplorer Hello , is it possible to get notify Application owner automatically . Case Study : I have a one application has owner & 4 of application has no owner so if application has owner , they will get notify automatically via Logic app by email & Applications do not have owner , Tenant owner get notify by email. Do you have any idea regrading this or reference so i can do that . Its my School Project , it will be nice if you help out of this .
Hi, I am working in an organisation where I can't get to have the Admin Grant access to read all application for my SP. Is there any workaround to this problem?
Unfortunately no. Those are security level permissions and needs to be there and we do not have any work around for it
@@microsoftgraphExplorer What I meant is to access graph api using my user account and access all the app registrations that the logged in user has created which is secured rather than have access to read all apps under the tenant.
@@binoysankar2281 yes you can do that using delegated permissions. Check the GET application API endpoint and use that delegated permission. Thanks for watching the video. I will make a video on this soon. Stay tuned.
@@microsoftgraphExplorer Great a video would be perfect. Thanks for your time 👍🏽
Hi Sir it is very helpful but I am not receiving the passwordCredentials line in the https schema how to rectify this?
Update tutorial here ua-cam.com/video/vjPihv2CnwA/v-deo.html
I think the solution or the logic app does not move forward if password credential is empty for first app registration, any idea to solve this case?
Just put an additional condition to check if the array is empty, if empty then skip that iteration. I hope that helps.
@@microsoftgraphExplorer I am hitting this issue in the Parse JSON step, so would it be a conditional check step before that? Not picturing it ATM
me to i can't solve this issue and i try to do my best but it's not clear to me hope there is document to share with fix this issue@@bryanrogers1587
The logic app works perfectly. But the dynamic values are not showing up in the my emails. What do i need to do to correct the email formatting?
Hi Allen, I'm also having same issue. The dynamic values are not showing up in my notification emails
There's an issue with Condition - endDateTime is less than addToTime
Not endDateTime isn't available on the last step, whereby you compile your email structure. Be superb if you could help. I've pretty much replicated what you've done on your vid. Cheers
Updated tutorial here ua-cam.com/video/vjPihv2CnwA/v-deo.html
Updated tutorial here ua-cam.com/video/vjPihv2CnwA/v-deo.html
I'm not seeing that same screen when I choose to create a logic app through the azure portal. It doesn't let me set a recurrence and doesn't give me other options that you are seeing. You must be using some special logic app designer tool? I googled around but can't seem to find much about the designer tool. No explanation on how to access or use that tool makes this a very confusing video
Hi Jone, I believe the video is pretty old and Microsoft has changed few visuals since I last created this video