I came across a need to know when a certificates and secrets are about to expire on Azure app registrations, but there was no native way for me do this, expect to just scroll down the application registration list and look for “Expirer soon”, and that didn’t really do it for me.
So, I decided to look for way to get notified a number of days before a secret or a certificate will expire using PowerShell. I ended up writing this script and then running it using an Automation Account in Azure, but you can run this script everywhere, if you have the Microsoft Graph PowerShell module installed on the platform of your choice.
Identity and Access Management
Using Azure Service principal to run PowerShell script on Azure SQL server (Managed instance)
Azure service principals (or App regs.) is nice secure way to connect to fx. a Azure SQL manage instance and then perform querys using PowerShell. This is an ideal alternativ to using a local Service Account. The upside to this is that you can authenticate with a secret or with a certificate that you create for yourself or the machine you are running your script(s) from.
Assign Azure SQL database permissions to AAD group
Intro
When you create an Azure SQL database (DB) right of the bat, you will be faced with the need to assign permission in the database to users or security groups. Normally on an on-premises SQL DB it’s no problem and can be done using the GUI in SSMS. But for an Azure SQL DB, there is no GUI to assign permissions, you will need to use SQL queries to assign permissions to users or groups. Let me show you how to assign SQL DB permissions to a AAD security group.