The views and opinions expressed in this blog are those solely of the author(s) and do not necessarily reflect Microsoft’s current policy, position, or branding. For official announcements and guidance on Dynamics 365 apps and services, please visit the Microsoft Dynamics 365 Blog.
It used to be that all you had to remember was when your site's SSL certificate was going to expire. Now we have certificates and client secrets that are used for all kinds of things in the cloud, including Azure AD apps. Consider this my public service announcement that you need to get better at managing these too. Failure is not an option, well, unless you don't need things to run :)
This means you either become lazy and admit defeat by selecting never expire, or become a better person by giving in and making key rotation part of the regular grooming of your cloud assets.
The problem all begins on the following screen when you set up your client secret. It's a little bit like Mission: Impossible, this message will self-destruct. The key is only displayed once, and you can't change the expiration after creation. You can delete the key, and you can add new keys with different expirations. A simple manual rotation is just creating another key and setting your app to use it before the other key is deleted or expires.
It's easy to get into trouble when creating the secret: you are excited to get the app running or deployed, you select 1 or 2 years since you believe security is important, and then you promptly forget to tell anyone or to schedule a task prior to that expiration to rotate the keys. Don't worry; a reminder has been set for you in the way of a failing application.
Now is an excellent time to do a key expiration audit, either personally or by having your administrator do it. Go through each application in your Azure AD and review the keys and their expirations.
If you're a little more advanced, Key Vault in combination with runbooks can help you automate this, but even a manual process of rotation is better than a phone call late one night when it fails. You can read more about the Key Vault rotation here
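One way to script the audit described above, as an added example that is not from the original post: it assumes the application list has been exported as JSON shaped like a Microsoft Graph `GET /applications` response (`passwordCredentials` and `keyCredentials`, each with `keyId` and `endDateTime`). The sample data, thresholds and status names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph GET /applications response
# (app names, key ids and dates are made up for this example).
SAMPLE = json.loads("""{"value": [
 {"displayName": "connector-api", "passwordCredentials": [
   {"keyId": "k1", "endDateTime": "2020-03-01T00:00:00Z"},
   {"keyId": "k2", "endDateTime": "2021-03-01T00:00:00Z"}], "keyCredentials": []},
 {"displayName": "flow-backend", "passwordCredentials": [
   {"keyId": "k3", "endDateTime": "2020-02-20T08:30:00.1234567Z"}], "keyCredentials": []},
 {"displayName": "legacy-sync", "passwordCredentials": [
   {"keyId": "k4", "endDateTime": "2019-12-01T00:00:00Z"},
   {"keyId": "k5", "endDateTime": "2299-12-31T00:00:00Z"}],
  "keyCredentials": [{"keyId": "c1", "endDateTime": "2020-12-01T00:00:00Z"}]}
]}""")

def parse_utc(ts):
    # Keep only YYYY-MM-DDTHH:MM:SS; this drops "Z" and any fractional seconds.
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit(apps, now, warn_days=30, max_days=730):
    """Return (app, kind, keyId, status) for every credential needing attention."""
    warn, too_long = now + timedelta(days=warn_days), now + timedelta(days=max_days)
    findings = []
    for app in apps:
        creds = [(kind, c["keyId"], parse_utc(c["endDateTime"]))
                 for kind, field in (("secret", "passwordCredentials"),
                                     ("certificate", "keyCredentials"))
                 for c in app.get(field) or [] if c.get("endDateTime")]
        for kind, key_id, end in creds:
            # Successor: another credential of the same kind that outlives the warning window.
            rotated = any(k == kind and e > warn and i != key_id for k, i, e in creds)
            if end <= now:
                status = "EXPIRED"
            elif end <= warn:
                status = "EXPIRING_ROTATED" if rotated else "EXPIRING_NO_SUCCESSOR"
            elif end > too_long:
                status = "LONG_LIVED"  # beyond max_days, effectively never expires
            else:
                continue
            findings.append((app["displayName"], kind, key_id, status))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE["value"], now=datetime(2020, 2, 10, tzinfo=timezone.utc)):
        print(*row, sep="\t")
```

`EXPIRING_NO_SUCCESSOR` is the finding to act on first: the secret is about to lapse and no replacement has been created on that application yet.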
I will be adding this reminder to the resources for my new training course we recently published on Building Custom Connectors for PowerApps and Flow. The Hands-on Lab for that goes into detail on how to use Azure AD auth with custom connectors, and this is a great way to practice your key management :)