O365 – Provider hosted apps client secrets expiring

Published on Author tipratzLeave a comment


Haven’t used this yet but looks like a good tool to provide visibility on your provider hosted apps & which client secrets are going to expire, currently information which is not made available as standard:


Tenant Information Portal


This solution is used to display information regarding your Azure Active Directory Tenant specifically related to Service Principals that are only surfaced via PowerShell. By default, when you register an add-in with appregnew/appinv, these service principals are not displayed in the Azure Portal and the default expiration is 1 year. This solution will also assist you with identifying apps (add-ins) that are expired or that may be expiring soon.

This application was built using AngularJS/MVC that is invoking a web API that is secured using Azure AD to query the Graph API. The application uses the Active Directory Authentication Library (ADAL) to obtain a JWT access token through the OAuth 2.0 protocol. The access token is sent to the ASP.NET 5 Web API, which authenticates the user using the OWIN OAuth Bearer Authentication middleware.


  • Dashboard that provides a visual indicator on Service Principals that are expired or that may be expiring in 30, 60, and 90 Days.
  • Displays/Exports all service principals that are registered within your Azure Active Directory Tenant.
  • Displays Tenant Last Directory Synchronization time

Applies to

  • Office 365 Multi-tenant (MT)
  • Office 365 Dedicated (D)
  • SharePoint 2013/2016 on-premises with an low trust established


  • An Azure subscription (a free trial is sufficient). If you don’t already have an Azure subscription, you may get a free subscription by signing up at https://azure.microsoft.com. All of the Azure AD features used in this application are available free of charge.






Leave a Reply