
Wednesday, March 30, 2022

Attempting to use Chris Scott's App Registration Expiration Monitoring and Notifications displays data with "DaysToExpiration" set to "-738,241"

As described in my previous post:

Using PowerShell to send custom log data to Log Analytics for Azure Monitor alerting and Kusto Query
http://terenceluk.blogspot.com/2022/03/using-powershell-to-send-custom-log.html

I had difficulty getting Christopher Scott’s script to work when used in an Automation Account, as the data sent to Log Analytics would display all Certificates & secrets as expired, and the start and end times were not displayed. I ended up spending most of my weekend troubleshooting why, so in an effort to help anyone who may encounter the same issue as I did, this will be a quick blog post writeup outlining the symptoms and resolution.

Problem

You attempt to use Christopher Scott’s PowerShell script (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/app-registration-expiration-monitoring-and-notifications/ba-p/2043805) to extract App Registrations’ Certificates & secrets and send them to Log Analytics, but notice that the data returned when you query it displays:

  1. All certificates and secrets shown as Expired
  2. DaysToExpiration set to -738,241 for every entry
  3. The StartDate and EndDate fields shown as expired

Solution

Troubleshooting showed that the default Az.Resources module in the Automation Account was version 5.4.0.


It appears that the cmdlets Get-AzADServicePrincipal and Get-AzADAppCredential return null for many of the fields in this newer version, and the script then treats those null dates as expired.
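To see what a null end date does to the script’s arithmetic, and to make a Runbook fail loudly instead of reporting every credential as expired, here is an added example of my own (not code from the post or from Chris Scott’s script). It assumes the older module populates EndDate and the Graph-based 5.x module populates EndDateTime; the sample credential objects are constructed inline.

```powershell
# Added example, not part of Chris Scott's script. Property names EndDate (Az.Resources 4.x)
# and EndDateTime (Az.Resources 5.x) are assumptions about the two module versions.

function Get-DaysToExpiration {
    param(
        [Parameter(Mandatory)] $Credential,   # one object from Get-AzADAppCredential
        [datetime] $Now = (Get-Date)
    )

    # Pick whichever end-date property the installed module actually populated.
    $end = $null
    foreach ($name in 'EndDateTime', 'EndDate') {
        $prop = $Credential.PSObject.Properties[$name]
        if ($prop -and $null -ne $prop.Value) { $end = [datetime]$prop.Value; break }
    }

    if ($null -eq $end) {
        # Missing data is reported as such rather than silently becoming "Expired".
        return [pscustomobject]@{ Status = 'Unknown'; DaysToExpiration = $null
                                  Reason = 'No end date returned by the Az.Resources module' }
    }

    $days   = ($end.Date - $Now.Date).Days
    $status = if ($days -lt 0) { 'Expired' } elseif ($days -le 30) { 'ExpiringSoon' } else { 'Valid' }
    [pscustomobject]@{ Status = $status; DaysToExpiration = $days; Reason = $null }
}

# Constructed sample objects standing in for Get-AzADAppCredential output.
$now             = Get-Date '2022-03-30'
$fromOldModule   = [pscustomobject]@{ KeyId = 'sample-key-1'; EndDate = [datetime]'2022-06-30' }
$fromNewModule   = [pscustomobject]@{ KeyId = 'sample-key-2'; EndDateTime = $null }

# Why the post saw -738,241: [datetime]$null is 0001-01-01, so an unguarded
# subtraction from today produces a day count of roughly that magnitude, negative.
$unguarded = ([datetime]$null - $now).Days
"Unguarded null end date gives DaysToExpiration = $unguarded"

# The guarded version distinguishes a real expiry from missing module data.
Get-DaysToExpiration -Credential $fromOldModule -Now $now
Get-DaysToExpiration -Credential $fromNewModule -Now $now

# Pre-check worth logging at the top of the Runbook: which Az.Resources version the job loaded.
$loaded = Get-Module -Name Az.Resources -ListAvailable | Sort-Object Version -Descending | Select-Object -First 1
"Az.Resources available to this job: $($loaded.Version)"
```

If the Unknown status appears in Log Analytics, the module version, not the credential, is the first thing to check.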

To fix this issue, try downgrading it to 4.2.0 by downloading the nupkg package here:

https://www.powershellgallery.com/packages/Az.Resources/2.5.0

Rename the file extension from .nupkg to .zip.

Import the package in the Modules of the Automation Account:


Run the Runbook again to confirm that the data sent to Log Analytics is now displayed properly.

