ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM

Guide to renew One or more Azure AD App Secrets used by cloud services. Let’s understand the meaning of the Configuration Manager notification message One or more Azure AD app secrets used by Cloud Services will expire soon and Renew to avoid service disruption. Also, we will see how to fix it. When the security key on the app expires, you have to renew all the security keys if you have more than one.

Azure AD applications are used for many cloud-connected functions within Configuration Manager. ConfigMgr is connected to the cloud and uses different Azure services that require distinct configurations. Azure AD apps are created for each of these services.

The Azure AD apps are required for services like Azure AD User Discovery, Cloud Management Gateway, Tenant Attach, Co-Management, etc… You can use a single or distinct Azure AD application(s) for more than one service.

Renew Security Key / Secret Key

Patch My PC
Advt

First thing, don’t get confused about the Azure AD App security key and secret key. Both refer to the same thing.

Recently, I received the notification to “Renew Azure AD app secrets“. Let’s go through the process to renew the secret keys for Azure AD Applications.

ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM
ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM

The following are the two secrets that are of immediate concern (expires in a month). These secret keys (highlighted in yellow) need to be renewed to avoid any service disturbance.

  • Click on the Hyperlink ( Renew secret key close to expiry) in the Console notification alert or
    • Navigate to \Administration\Overview\Cloud Services\Azure Active Directory Tenants – Applications.
    • Find out the apps that are going to expire soon.
    • The expiry date – Check the column Secret Key Expiry (UTC).
ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM
ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM
  • Click on the application that you want to renew (the secret key close to expiry).
  • From the RibbonApplications tab, click on the Renew Secret Key button.
ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM
ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM
1E Nomad
Advt
  • Sign in to Azure AD with appropriate permissions on Azure AD tenant (Azure AD Apps).

NOTE! – For more information about the required app permissions and configurations for each service, see the relevant SCCM article in Available services (Microsoft Docs).

ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM
ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM
  • The Secret key successfully renewed for Azure AD User discovery option.
ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM
ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM

Results

Once the Azure AD App secret keys/Security keys are renewed successfully, you can confirm the extended secret key expiry date. Also, confirm the ConfigMgr services are working fine after renewing the secret key.

ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM
ConfigMgr Renew One or more Azure AD App Secrets used by Cloud Services | SCCM

Resources

Sharing is caring!

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.