Entra ID App Registration Event Monitor
Overview
The Entra ID App Registration Event Monitor checks your app registrations in Microsoft Azure and alerts if the client secrets are due to expire within a specified number of days.
Use Cases
- Keeping a list of app registrations
- Receiving notifications well before the client secrets of your app registrations are due to expire
Monitoring Options
- Alert with [Info/Warning/Error/Critical] if Azure cannot be contacted: Receive an alert if the event monitor is unable to connect to Microsoft Azure.
- Alert with [Info/Warning/Error/Critical] when app registrations are added: Receive an alert when an app registration is added.
- Alert with [Info/Warning/Error/Critical] when app registrations are removed: Receive an alert when an app registration is removed.
- Alert with [Info/Warning/Error/Critical] when client secrets are expired: Receive an alert when one or more client secrets are found to have expired.
- Alert about client secrets that will expire in less than a specified number of days: Specify the number of days before client secret expiry to receive an alert.
- Don't alert about client secrets that have already expired: Exclude alerts about client secrets that have already expired.
- Include a table of client secrets [before all/after all] event text: Add a table of client secrets to the event text generated each time the event monitor runs.
- Include all the client secrets: Include a list of all client secrets in the notification generated each time the event monitor runs.
- Include valid client secrets: Include valid client secrets in the text generated each time the event monitor runs.
- Include expired client secrets: Include a list of all expired client secrets in the notification generated each time the event monitor runs.
- Include client secrets expiring in the next 30 days: Show all client secrets expiring in the next 30 days in the notification generated each time the event monitor runs.
- Only check the following app registrations: List the app registrations to check. App registrations not listed here are not checked.
- App registrations to ignore: List app registrations to ignore. The event monitor will skip monitoring these app registrations.
- Client secrets to ignore: Enter a list of client secrets to ignore. The event monitor will skip monitoring these client secrets.
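The expiry options above amount to sorting each client secret into expired, expiring soon, or valid, after applying the include and ignore lists. The sketch below is an added example, not the event monitor's own code. It assumes the input has the shape of a Microsoft Graph `/applications` listing (`displayName`, `passwordCredentials[].keyId`, `passwordCredentials[].endDateTime`); the sample data is constructed, and the names `classify_secrets` and `parse_graph_time` are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like a Microsoft Graph GET /applications result.
SAMPLE_APPS = [
    {"displayName": "billing-api", "passwordCredentials": [
        {"keyId": "k-1", "displayName": "prod", "endDateTime": "2024-05-01T00:00:00Z"},
        {"keyId": "k-2", "displayName": "ci", "endDateTime": "2024-06-20T00:00:00Z"}]},
    {"displayName": "legacy-sync", "passwordCredentials": [
        {"keyId": "k-3", "displayName": "old",
         "endDateTime": "2025-01-15T12:30:00.1234567Z"}]},
    {"displayName": "no-secrets", "passwordCredentials": []},
]

def parse_graph_time(value):
    """Parse a UTC timestamp, dropping any fractional seconds."""
    whole = value.rstrip("Z").split(".")[0]
    return datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def classify_secrets(apps, now, warn_days=30, only_apps=None,
                     ignore_apps=(), ignore_secrets=(), skip_expired=False):
    """Return {'expired'|'expiring'|'valid': [(app, keyId, whole_days_left)]}."""
    report = {"expired": [], "expiring": [], "valid": []}
    for app in apps:
        name = app["displayName"]
        # "Only check the following" and "App registrations to ignore"
        if (only_apps and name not in only_apps) or name in ignore_apps:
            continue
        for cred in app.get("passwordCredentials") or []:
            if cred["keyId"] in ignore_secrets:  # "Client secrets to ignore"
                continue
            left = parse_graph_time(cred["endDateTime"]) - now
            row = (name, cred["keyId"], int(left.total_seconds() // 86400))
            if left <= timedelta(0):
                if not skip_expired:  # "Don't alert about ... already expired"
                    report["expired"].append(row)
            elif left < timedelta(days=warn_days):  # strictly less than N days
                report["expiring"].append(row)
            else:
                report["valid"].append(row)
    return report

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for status, rows in classify_secrets(SAMPLE_APPS, now).items():
        for app, key_id, days in rows:
            print(f"{status:9} {app:12} {key_id} days_left={days}")
```

A secret whose remaining lifetime equals the threshold exactly is reported as valid, matching the "less than a specified number of days" wording.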
Authentication and Security
- Create an app registration to add to your event monitor's authentication profile.
- Grant the required Microsoft Graph permissions, of both the delegated and application types.
Protocols
Data Points
This event monitor generates the following data points:
- Same as configured in the monitoring options.
Data Point | Description |
---|---|
App Registrations | Total app registration count. |
Deleted App Registrations | Total number of deleted app registrations. |
New App Registrations | Number of new app registrations since last event monitor run. |