As described in my previous post:
Using PowerShell to send custom log data to Log Analytics for Azure Monitor alerting and Kusto Query
https://blog.terenceluk.com/2022/03/using-powershell-to-send-custom-log.html
I had difficulty getting Christopher Scott's script to work when it was run from an Automation Account: the data sent to Log Analytics displayed all Certificates & secrets as expired, and the start and end times were not displayed. I ended up spending most of my weekend troubleshooting why, so in an effort to help anyone who encounters the same issue, this quick blog post outlines the symptoms and the resolution.
Problem
You attempt to use Christopher Scott's PowerShell script (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/app-registration-expiration-monitoring-and-notifications/ba-p/2043805) to extract App Registrations' Certificates & secrets and send them to Log Analytics, but notice that the data returned when querying displays:
- All certificates and secrets as Expired
- The DaysToExpiration are all set to -738,241
- The StartDate and EndDate fields are expired
Solution
What was determined after troubleshooting this was that the default Az.Resources module for the Automation Account was version 5.4.0.
It appears the cmdlets Get-AzADServicePrincipal and Get-AzADAppCredential return null for many of the fields in this newer version.
To fix this issue, try downgrading it to 4.2.0 by downloading the nupkg package here:
https://www.powershellgallery.com/packages/Az.Resources/2.5.0
Rename the extension from nupkg to zip.
Import the package in the Modules of the Automation Account:
Try running the Runbook again to confirm that the data sent to Log Analytics is displayed properly, as shown here:
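As an added example (not code from the original post or from Christopher Scott's script), the snippet below shows two defensive checks a Runbook can make before sending data to Log Analytics: log which Az.Resources version is actually loaded, and refuse to classify a credential as expired when its end date is null, since casting a null end date to [datetime] yields 0001-01-01 and produces the huge negative DaysToExpiration seen above. The property name fallback (EndDateTime vs. EndDate) and the sample objects are assumptions constructed for the example.

```powershell
# Added example, not from the original post. Assumes Az.Resources is installed;
# the credential objects below are constructed to mimic Get-AzADAppCredential output.

# 1. Record the module version in the job output so a silent version change
#    (the post found 5.4.0 returned null fields) is visible in the run history.
$azRes = Get-Module -Name Az.Resources -ListAvailable |
    Sort-Object -Property Version -Descending | Select-Object -First 1
Write-Output "Az.Resources version loaded: $($azRes.Version)"
if ($azRes.Version -ge [version]'5.4.0') {
    Write-Warning "Az.Resources $($azRes.Version) is the version range where null credential fields were observed."
}

# 2. Compute DaysToExpiration without letting a null end date become 'Expired'.
function Get-CredentialExpiry {
    param([Parameter(Mandatory)] $Credential, [int] $WarnDays = 30)

    # Assumption: accept either property name rather than relying on one.
    $end = $Credential.EndDateTime
    if (-not $end) { $end = $Credential.EndDate }

    if (-not $end) {
        # A missing date is an unknown, not an expiry; surface it as such.
        return [pscustomobject]@{
            KeyId = $Credential.KeyId; EndDate = $null
            DaysToExpiration = $null; Status = 'Unknown (end date missing)'
        }
    }

    $days = [int][math]::Floor(([datetime]$end - (Get-Date)).TotalDays)
    $status = if ($days -lt 0) { 'Expired' }
              elseif ($days -le $WarnDays) { 'ExpiringSoon' }
              else { 'Valid' }
    [pscustomobject]@{
        KeyId = $Credential.KeyId; EndDate = [datetime]$end
        DaysToExpiration = $days; Status = $status
    }
}

# Constructed sample input: one valid, one expired, one with the field missing.
$sampleCredentials = @(
    [pscustomobject]@{ KeyId = 'sample-key-1'; EndDateTime = (Get-Date).AddDays(90) },
    [pscustomobject]@{ KeyId = 'sample-key-2'; EndDate     = (Get-Date).AddDays(-5) },
    [pscustomobject]@{ KeyId = 'sample-key-3' }
)
$sampleCredentials | ForEach-Object { Get-CredentialExpiry -Credential $_ } | Format-Table -AutoSize
```

A record with Status 'Unknown (end date missing)' arriving in Log Analytics points at the module returning nulls, which is a more useful signal than every credential alerting as expired.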