As promised in my earlier post (AzureAD Application Report), I am sharing the script for sending alert emails when an Azure AD application certificate or secret is about to expire.
The script has been parameterized so that you can supply the days left as an array, so it sends alerts on those days rather than indefinitely.
For example:
If you want to send an alert 60 days before expiry, then at 15 days and then on the last day → 60,15,1
The script has been designed this way so you can meet your organizational requirements.
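The day-matching idea behind -daystoexpiryleft, as an added sketch that is not the downloaded script's own code: it assumes one run per day and that an alert fires only when the days left equal one of the supplied values. The function name Get-ExpiryAlert and the sample applications are hypothetical, constructed for illustration.

```powershell
# Added illustration; not the code of AzureADApplicationExpirationEmailAlert.ps1.
# Constructed sample data: application credentials with their end dates.
$today = (Get-Date).Date
$sampleCredentials = @(
    [pscustomobject]@{ App = 'App-A'; Type = 'Secret';      EndDate = $today.AddDays(60) }
    [pscustomobject]@{ App = 'App-B'; Type = 'Certificate'; EndDate = $today.AddDays(45) }
    [pscustomobject]@{ App = 'App-C'; Type = 'Secret';      EndDate = $today.AddDays(15) }
    [pscustomobject]@{ App = 'App-D'; Type = 'Certificate'; EndDate = $today.AddDays(1) }
    [pscustomobject]@{ App = 'App-E'; Type = 'Secret';      EndDate = $today.AddDays(-3) }
)

function Get-ExpiryAlert {
    # Hypothetical helper: returns only the credentials whose remaining days
    # match one of the thresholds exactly (assumption: the job runs once a day).
    param(
        [Parameter(Mandatory)] [object[]] $Credential,
        [int[]]    $DaysToExpiryLeft = @(60, 15, 1),
        [datetime] $AsOf = (Get-Date).Date
    )
    foreach ($c in $Credential) {
        # Compare calendar dates only, so the time of day of the run does not matter.
        $daysLeft = ($c.EndDate.Date - $AsOf.Date).Days
        if ($DaysToExpiryLeft -contains $daysLeft) {
            [pscustomobject]@{
                App      = $c.App
                Type     = $c.Type
                EndDate  = $c.EndDate.ToString('yyyy-MM-dd')
                DaysLeft = $daysLeft
            }
        }
    }
}

# Credentials between thresholds or already expired are not returned.
Get-ExpiryAlert -Credential $sampleCredentials -DaysToExpiryLeft 60, 15, 1 |
    Format-Table -AutoSize
```

With exact matching as assumed here, a day on which the scheduled run does not happen skips that threshold, so the scheduled task's own failures are worth monitoring.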
Prerequisites for this solution:
Install these modules before downloading/executing the script.
Download the script from Git or the PowerShell Gallery using the links below:
Git:
https://github.com/VikasSukhija/Downloads/blob/master/AzureADApplicationExpirationEmailAlert.ps1
PowerShell Gallery:
https://www.powershellgallery.com/packages/AzureADApplicationExpirationEmailAlert
Install-Script -Name AzureADApplicationExpirationEmailAlert
Note: The script will auto-generate an encrypted password the first time it is run and save it in the same folder.
Logs and reports will be stored in their respective folders from where the script is being run.
Here is how you can run it:
Option1
Run the script to send an alert to a particular email ID when cert expiry is nearing 60, 20 and 10 days.
-SendAlert should be set to Alert
.\AzureADApplicationExpirationEmailAlert.ps1 -daystoexpiryleft 60,20,10 -SendAlert Alert -smtpserver smtpserver -from donotreply@labtest.com -erroremail VikasSukhija@labtest.com -logrecyclelimit 120
Default value for -daystoexpiryleft if not selected is 60, 15 and 1
Default value for -logrecyclelimit if not selected is 60 (after 60 days logs and report will be recycled)
Option2
Run the script to send an alert to the owners' IDs when cert expiry is nearing 60, 20 and 10 days. (This will only work if the owner field is populated.)
-SendAlert should be set to AlertOwner
.\AzureADApplicationExpirationEmailAlert.ps1 -daystoexpiryleft 60,20,10 -SendAlert AlertOwner -smtpserver smtpserver -from donotreply@labtest.com -erroremail VikasSukhija@labtest.com -logrecyclelimit 120
Default value for -daystoexpiryleft if not selected is 60, 15 and 1
Default value for -logrecyclelimit if not selected is 60 (after 60 days logs and report will be recycled)
Option3
Run the script in ReportOnly mode when cert expiry is nearing 60, 20 and 10 days. (This will only work if the owner field is populated.)
-SendAlert should be set to Reportonly
.\AzureADApplicationExpirationEmailAlert.ps1 -daystoexpiryleft 60,20,10 -SendAlert Reportonly -smtpserver smtpserver -from donotreply@labtest.com -erroremail VikasSukhija@labtest.com -logrecyclelimit 120
Default value for -daystoexpiryleft if not selected is 60, 15 and 1
Default value for -logrecyclelimit if not selected is 60 (after 60 days logs and report will be recycled)
After running it interactively for the first time, you can schedule it to run via Task Scheduler, as the password has been stored as encrypted credentials inside the script folder.
I hope this PowerShell magic will be useful in your organization as well.
Thanks for reading and downloading…
Tech Wizard