circle-exclamation
Documentation is updated to support Bsure version 2. Select version 1 in the menu if you are still running that version.
search
bsure.ioProductPricingStoriesInsightsAbout

Credential Expiry

hashtag
Purpose of this report

The Applications – Credential Expiry report provides a centralized overview of application credentials (certificates and secrets) in your Entra ID tenant, with a strong focus on:

  • Identifying expired and soon-to-expire credentials

  • Reducing the risk of application outages caused by expired secrets or certificates

  • Supporting operational hygiene and security reviews

  • Helping teams understand which applications are still in use and which may be candidates for cleanup

Expired or unmanaged credentials are a common cause of production incidents. This report exists to make credential lifecycle management visible, actionable, and auditable.

hashtag
What data the report is based on

The report aggregates data from:

  • Entra ID application registrations and enterprise applications

  • Application credentials (secrets and certificates)

  • Sign-in and usage indicators collected by Bs ure Insights

Note Application usage information is correlated with the Applications – Usage report. An application may have valid credentials but show no recent usage, which can indicate it is no longer needed.

hashtag
When should you use this report?

Typical use cases include:

  • 🔔 Proactive monitoring of credentials nearing expiration

  • 🔥 Incident response when an application stops working due to authentication failures

  • 🧹 Cleanup initiatives to identify unused applications with valid credentials

  • 🔐 Security reviews and audits to ensure credentials follow best practices

hashtag
Report overview

hashtag
High-level metrics

At the top of the report, you’ll find summary indicators such as:

  • Total applications detected

  • Filters for Enabled, App in use, Credential status, and Credential type

  • Tenant selector for multi-tenant scenarios

These allow you to quickly scope the report to the applications that matter most.

hashtag
Filters and slicers

The following filters are available to help narrow down the data:

hashtag
Application & status filters

  • Enabled Filter on whether the application is currently enabled in Entra ID.

  • App in use Indicates whether the application has recent sign-in activity (based on Usage data).

  • Credential status

    • Valid

    • Expired

  • Credential type

    • Secret

    • Certificate

hashtag
Ownership & governance filters

  • Application owner Filter on whether an application has an assigned owner.

  • Application owner name Narrow results to a specific owner.

hashtag
Tenant & search

  • Tenant Useful in environments where multiple tenants are monitored.

  • Application name search Free-text search to quickly locate a specific application.

hashtag
Application Details Table

The Application Details Table is the core of the report. Each row represents a single application credential.

hashtag
Key columns explained

  • Application name Name of the application registration or enterprise application.

  • Created When the application was originally created.

  • Application owner Indicates whether an owner is assigned (important for accountability).

  • Credential type

    • Secret

    • Certificate

  • Credential status

    • Valid

    • Expired

  • Credential start date When the credential became active.

  • Credential end date When the credential expires or expired.

  • Credential duration Credential lifetime in days (useful for spotting overly long-lived secrets).

  • Enabled Whether the application is enabled.

  • App in use Shows whether the application has been used recently.

PreviousSuccessful sign-ins from blocked countries?NextUnused Applications

Last updated

Was this helpful?