The Microsoft identity platform handles identity and access management (IAM) only for applications that have been registered with it. Registering an application establishes a trust relationship between the application and the Microsoft identity platform.
The trust is unidirectional, which means that the registered application trusts the Microsoft identity platform, but not the other way around: the platform issues tokens to the application according to the registration's settings, and nothing the application does can widen what the platform is willing to issue.
In Azure AD, applications can be represented in two ways:
Application objects - The application object is the global definition of the application in the tenant where it was registered. It tells Azure AD how to issue tokens to the application based on its settings (redirect URIs, requested permissions, credentials and so on).
Service principals - The service principal is the local representation, or instance, of that application object in a given tenant. It is the object that Azure AD actually grants permissions and role assignments to, and it must exist in the tenant before the application can sign in or be issued tokens there.
Carry out the following steps in the Azure portal to grant Serverless360 the Microsoft Graph permission it needs to monitor app registrations:
- Navigate to the corresponding App registration in your Azure Active Directory
- Click API permissions -> Add a permission to add a permission to the app registration
- Select Microsoft Graph from the Commonly used Microsoft APIs
- Choose Application permissions from the two types of listed permissions
- Select Application -> Application.Read.All and add the permission
- Have an administrator click Grant admin consent for <tenant> on the same API permissions page. Application permissions are not usable until tenant-wide admin consent has been granted; until then Azure AD will not issue tokens that carry the role
Application.Read.All is a read-only permission. It exposes the metadata of every app registration in the tenant, including the key IDs, display names and expiry dates of their secrets and certificates, but never the secret values themselves, which Microsoft Graph returns only once, at creation time.
Client secret expiry monitoring
Serverless360 lets users track the expiry of the client secrets on selected app registrations and sends a notification a configurable number of days before the expiry date, prompting them to rotate the secret before dependent workloads start failing to authenticate.
- Navigate to App Registration -> Monitoring to configure an expiry alert for client secrets
- Specify the number of days before expiry at which the alert should be received
- Click Save
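The check that an expiry monitor performs under the hood, as an added example that is not Serverless360's own code: it queries the Microsoft Graph applications endpoint that Application.Read.All unlocks, reads each credential's endDateTime, and flags anything expired or inside the alert window. The sample Graph response, its GUIDs, application names and dates are all constructed for the example; the live path assumes a client-credentials access token and the third-party requests package.

```python
"""Flag app-registration credentials that are expired or about to expire.

Added example, not Serverless360 code. The SAMPLE_RESPONSE below is a
constructed stand-in for a Microsoft Graph /applications response; every
GUID, name and date in it is hypothetical.
"""
import json
from datetime import datetime, timezone

# Graph returns credential metadata only (keyId, hint, endDateTime); a
# secret's value is never readable after creation, so this is safe to read
# with the read-only Application.Read.All permission.
GRAPH_APPS = ("https://graph.microsoft.com/v1.0/applications"
              "?$select=id,appId,displayName,passwordCredentials,keyCredentials")

SAMPLE_RESPONSE = json.dumps({  # constructed sample, not real tenant data
    "value": [
        {"id": "0a0a0a0a-0000-4000-8000-000000000001",
         "appId": "11111111-1111-4111-8111-111111111111",
         "displayName": "billing-api",
         "passwordCredentials": [
             {"keyId": "c0de0001-0000-4000-8000-000000000001",
              "displayName": "prod", "hint": "Xy1",
              "endDateTime": "2024-07-10T00:00:00Z"}],
         "keyCredentials": [
             {"keyId": "c0de0002-0000-4000-8000-000000000002",
              "displayName": "CN=billing-api", "type": "AsymmetricX509Cert",
              "endDateTime": "2026-01-01T00:00:00Z"}]},
        {"id": "0a0a0a0a-0000-4000-8000-000000000002",
         "appId": "22222222-2222-4222-8222-222222222222",
         "displayName": "reporting-job",
         "passwordCredentials": [
             {"keyId": "c0de0003-0000-4000-8000-000000000003",
              "displayName": "old", "hint": "Ab9",
              "endDateTime": "2024-06-20T00:00:00Z"},
             {"keyId": "c0de0004-0000-4000-8000-000000000004",
              "displayName": "current", "hint": "Qr4",
              "endDateTime": "2025-06-20T00:00:00Z"}],
         "keyCredentials": []},
    ]
})


def parse_graph_time(value: str) -> datetime:
    """Graph timestamps are UTC and end in 'Z', sometimes with a 7-digit
    fraction that datetime.fromisoformat rejects on older Pythons. Keep the
    whole-second part only; that is all an expiry check needs."""
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def find_expiring(apps, now: datetime, threshold_days: int):
    """Return expired and soon-to-expire secrets and certificates, most urgent first."""
    findings = []
    for app in apps:
        for kind, creds in (("secret", app.get("passwordCredentials") or []),
                            ("certificate", app.get("keyCredentials") or [])):
            for cred in creds:
                remaining = parse_graph_time(cred["endDateTime"]) - now
                days_left = round(remaining.total_seconds() / 86400, 1)
                if days_left < 0:
                    status = "expired"
                elif days_left <= threshold_days:
                    status = "expiring"
                else:
                    continue  # outside the alert window, nothing to report
                findings.append({"app": app["displayName"], "appId": app["appId"],
                                 "kind": kind, "keyId": cred["keyId"],
                                 "name": cred.get("displayName"),
                                 "days_left": days_left, "status": status})
    return sorted(findings, key=lambda f: f["days_left"])


def fetch_applications(access_token: str):
    """Live path: page through /applications with a client-credentials token
    whose app registration holds admin-consented Application.Read.All.
    Not exercised offline; needs the third-party `requests` package."""
    import requests  # imported here so the offline path has no extra dependency
    apps, url = [], GRAPH_APPS
    while url:
        resp = requests.get(url, headers={"Authorization": f"Bearer {access_token}"}, timeout=30)
        resp.raise_for_status()
        body = resp.json()
        apps.extend(body.get("value", []))
        url = body.get("@odata.nextLink")  # Graph pages results; follow until exhausted
    return apps


def load_sample():
    return json.loads(SAMPLE_RESPONSE)["value"]


if __name__ == "__main__":
    # Fixed 'now' so the constructed sample gives a reproducible report.
    now = datetime(2024, 7, 1, tzinfo=timezone.utc)
    for f in find_expiring(load_sample(), now, threshold_days=30):
        print(f"{f['status']:8} {f['app']:<14} {f['kind']:<11} {str(f['name']):<12} "
              f"keyId={f['keyId']} days_left={f['days_left']}")
```

Certificates (keyCredentials) are checked alongside secrets because they expire the same way and are easy to forget; an alert threshold should comfortably exceed the time it takes to roll a new credential through every consumer of the application.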
To view the properties of an App Registration resource, open the resource and click Properties.