Entra ID Enterprise Apps Event Monitor Reference Guide

Entra ID Enterprise Apps Event Monitor

Learn about the conditions of your enterprise applications and receive alerts about their statuses.

Overview

The Entra ID Enterprise Apps Event Monitor watches over your enterprise applications in Microsoft Azure and alerts if the client secrets are due to expire within a specified number of days.

Use Cases

  • Receiving alerts about expiring client secrets ahead of time
  • Keeping a list of enterprise applications across Entra ID

Monitoring Options

Alert with [Info/Warning/Error/Critical] if Azure cannot be contacted

This option will send you an alert with your choice of severity if the event monitor cannot contact Azure.

Alert with [Info/Warning/Error/Critical] when enterprise applications are added

Check this box to receive an alert when new enterprise applications have been added since the last check.

Alert with [Info/Warning/Error/Critical] when enterprise applications are removed

Check this box to get alerted if the event monitor detects enterprise applications that have been removed.

Alert with [Info/Warning/Error/Critical] when client secrets are expired

This option will send an alert when client secrets expire.

Alert about client secrets that will expire in less than a specified number of days

This option lets you specify the number of days before secret expiry that you'd like to receive an alert.

Don't alert about client secrets that have already expired

This option works with the previous one. When you check this box, you won't receive repeated alerts about client secrets that have already expired.

Include a table of client secrets [before all/after all] event text

Check this box to include a table of client secrets in the event text generated by your event monitor each time it runs.

Include all the client secrets

The following inclusion settings control which client secrets will be included in the table the event monitor generates. Checking this box will include all client secrets, but you can use the options below to further filter the secrets displayed.

Include valid client secrets

Use this option to include valid client secrets in the table.

Include expired client secrets

Use this option to include expired client secrets.

Include client secrets expiring in the next 30 days

Use this option to include client secrets that expire in less than 30 days.

Only check the following enterprise applications

Here, you can enter the exact names of enterprise applications you want the event monitor to check. All others will be skipped. Enter the name of each enterprise application on a new line.

Enterprise applications to ignore

Here, you can enter the exact names of enterprise applications you don't want the event monitor to check. Enter the name of each enterprise application on a new line.

Client secrets to ignore

Enter the names of client secrets you want the event monitor to ignore here. Specify multiple by entering them one per line.
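
The expiry threshold, the "Don't alert about client secrets that have already expired" option, and the three name lists above combine as shown in the following added example. It is not the product's own code: the function names are hypothetical and the sample data is constructed in the shape of Microsoft Graph application objects (displayName, passwordCredentials, endDateTime).

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like Microsoft Graph application objects
# (displayName, passwordCredentials[].displayName / endDateTime). Not real data.
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
SAMPLE_APPS = [
    {"displayName": "Payroll Sync", "passwordCredentials": [
        {"displayName": "prod-secret", "endDateTime": "2025-01-25T00:00:00Z"},
        {"displayName": "old-secret", "endDateTime": "2024-12-01T00:00:00Z"}]},
    {"displayName": "Build Agent", "passwordCredentials": [
        {"displayName": "ci-secret", "endDateTime": "2026-01-01T00:00:00Z"}]},
    {"displayName": "Legacy Portal", "passwordCredentials": [
        {"displayName": "portal-secret", "endDateTime": "2025-01-16T12:00:00Z"}]},
]

def classify_secret(end, now, warn_days):
    """Return 'expired', 'expiring' or 'valid' for one secret's end date."""
    if end <= now:
        return "expired"
    if end - now < timedelta(days=warn_days):
        return "expiring"
    return "valid"

def secrets_to_alert(apps, now, warn_days, skip_expired=False,
                     only_apps=(), ignore_apps=(), ignore_secrets=()):
    """Return (app, secret, state, whole_days_left) for secrets that alert."""
    findings = []
    for app in apps:
        name = app["displayName"]
        # Exact-name allow list: when set, every other application is skipped.
        if only_apps and name not in only_apps:
            continue
        if name in ignore_apps:
            continue
        for cred in app.get("passwordCredentials", []):
            label = cred.get("displayName")  # may be None in Graph data
            if label in ignore_secrets:
                continue
            end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
            state = classify_secret(end, now, warn_days)
            # Valid secrets never alert; expired ones only when not suppressed.
            if state == "valid" or (state == "expired" and skip_expired):
                continue
            findings.append((name, label, state, (end - now).days))
    return findings

if __name__ == "__main__":
    for row in secrets_to_alert(SAMPLE_APPS, NOW, warn_days=30, skip_expired=True):
        print(row)
```

A negative day count marks a secret that has already expired; with skip_expired set, those rows drop out and only upcoming expiries remain.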

Authentication and Security

First, you'll need to create an app registration to add to your event monitor's authentication profile. Information on how to do this can be found in our "Creating an Azure Authentication Profile" article.

The app registration you create for this event monitor will need the following permissions:

  • Application.Read.All as an application permission
  • User.Read as a delegated permission

Protocols

Data Points

This event monitor generates the following data points:

Data Point                        Description
Enterprise Applications           The total number of detected enterprise applications
New Enterprise Applications       The number of new enterprise applications
Deleted Enterprise Applications   The number of deleted applications

Sample Output

Tutorial

To view the tutorial for this event monitor, click here.
