App Certificate Expiry Check [CHK-1163]
This check verifies if any application registrations have certificates that will expire within the next 30 days.
Rationale
Application Registrations are frequently used to automate processes, with authentication handled by secrets and certificates. These have an expiration date, and if not renewed in time, can lead to sudden process disruptions with serious consequences.
Fix
An automated fix is not available for this issue. To fix it manually:
- Open the Entra ID management portal at https://entra.microsoft.com.
- Navigate to Applications and App registrations.
- Click on All applications and find the application that the alarm is about.
- Click on the name of the application.
- Go to Certificates & Secrets.
- Create a new Secret or upload a new certificate.
- Incorporate new authentication methods into other scripts or systems that communicate with App registration.
Impact
Renewing these certificates ensures that your applications remain available and your systems continue working as expected.
More Information
For more details, visit Microsoft's Security Best Practices for App Registration.