u/AdeelAutomates

Hey Everyone, as managing App Registration secrets can be annoying... either you stay on top of them or they expire.

Initially, I had built scripts to alert app owners when secrets were expiring through email/tickets. But then I started thinking: why not just automate the whole rotation process?

Especially since these secrets are created & stored in a secret manager like a Key Vault for scripts, runbooks, or apps to consume.

So I built a process in PowerShell that does the following:

• With a list of app registrations (to control which ones we autorotate)
• Rotate their secrets automatically (when a date hits since creation that you set)
• Update Key Vault with its new secret
• Keep the old secret on the app for a grace period (to avoid breaking a service that happens to be consuming it at the time of this script run)

Throw it in an Automation Account, run it daily, and secret rotation becomes a managed process instead of a manual task.

I did a full walkthrough for this here: https://www.youtube.com/watch?v=smKhyZ1xL6I

In case all you want is alerting. Where it sends HTML emails to the owners of the app registrations when their secrets are about to expire, I made a walk through on that as well: https://www.youtube.com/watch?v=E3wnj0bVRWg

Hey everyone,

I built a series of content on Microsoft Graph. I thought I share it here.

Microsoft Graph, if you don’t know, is Microsoft’s unified platform to interact with Entra ID, Microsoft 365, Teams, SharePoint, Intune, and more through APIs.

This is what allows you to truly automate against the Microsoft cloud platform. It has replaced many of the PowerShell modules for everything but Microsoft Exchange.

If you wish to understand it so you can start automating on these platforms (both Graph Module & API), I got you! Here are some of the episodes for you may be interested in checking:

• Learn the foundation of Microsoft Graph with EntraID (Graph Module)
• Learn how App Registrations, Service Principals & Enterprise Applications work with Graph
• Learn how to send emails and make it a function to simplify it for future use (including sending files as attachments). And if you want to make the functions into a module for automation account to use.
• Learn how APIs work with PowerShell (ARM & Graph API), so that you can...
• Learn how to work with SharePoint using Graph API (as Graph Module sucks the more you use it... especially for SharePoint)
• Learn how to interact with Excel Online (So you can generate reports through automation)

Putting it all together, here is the kind of things you can do with Graph: Build a Report on Azure, Entra & M365 Permissions! This builds a identity permissions report of your tenant & stores it in SharePoint in a new excel doc. If nothing else check out @ 40:04 , one of my favorite things about Graph is seeing excel docs come alive in real time with the data!

I put together an episode focused on ownership governance using Azure Policy and Automation (PowerShell).

The focus is on using Azure Policy to set the laws of the tenant and then using scripts to police it over time.

We apply this approach to ownership across resources using owner tags.

We will explore:

• How Azure Policy works:
  • Definition vs Assignment
  • How to read and edit the Definition JSON and all the parts that go into it
• Build our own custom policies to:
  • Enforce owner tags on resource groups
  • Append owner tags to resources
• Build a PowerShell script to validate owner values against EntraID:
  • Detect drift (invalid values, disabled/ex-employee accounts, duplicates)
  • Rout actions to the right people to take actions (email, task, ticket)

The goal is to move from “we have tags labeling owners” to “we have accurate ownership across time”.

Link: https://www.youtube.com/watch?v=pP43VQ7577s