# Credential Expiry ### Purpose of this report The **Applications โ€“ Credential Expiry** report provides a centralized overview of **application credentials (certificates and secrets)** in your Entra ID tenant, with a strong focus on: * Identifying **expired** and **soon-to-expire** credentials * Reducing the risk of **application outages** caused by expired secrets or certificates * Supporting **operational hygiene and security reviews** * Helping teams understand **which applications are still in use** and which may be candidates for cleanup Expired or unmanaged credentials are a common cause of production incidents. This report exists to make credential lifecycle management **visible, actionable, and auditable**. *** ### What data the report is based on The report aggregates data from: * Entra ID application registrations and enterprise applications * Application credentials (secrets and certificates) * Sign-in and usage indicators collected by Bs ure Insights > **Note**\ > Application usage information is correlated with the **Applications โ€“ Usage** report. An application may have valid credentials but show no recent usage, which can indicate it is no longer needed. *** ### When should you use this report? Typical use cases include: * ๐Ÿ”” **Proactive monitoring** of credentials nearing expiration * ๐Ÿ”ฅ **Incident response** when an application stops working due to authentication failures * ๐Ÿงน **Cleanup initiatives** to identify unused applications with valid credentials * ๐Ÿ” **Security reviews and audits** to ensure credentials follow best practices *** ### Report overview #### High-level metrics At the top of the report, youโ€™ll find summary indicators such as: * **Total applications** detected * Filters for **Enabled**, **App in use**, **Credential status**, and **Credential type** * Tenant selector for multi-tenant scenarios These allow you to quickly scope the report to the applications that matter most. *** ### Filters and slicers The following filters are available to help narrow down the data: #### Application & status filters * **Enabled**\ Filter on whether the application is currently enabled in Entra ID. * **App in use**\ Indicates whether the application has recent sign-in activity (based on Usage data). * **Credential status** * Valid * Expired * **Credential type** * Secret * Certificate #### Ownership & governance filters * **Application owner**\ Filter on whether an application has an assigned owner. * **Application owner name**\ Narrow results to a specific owner. #### Tenant & search * **Tenant**\ Useful in environments where multiple tenants are monitored. * **Application name search**\ Free-text search to quickly locate a specific application. *** ### Application Details Table The **Application Details Table** is the core of the report. Each row represents a single application credential. #### Key columns explained * **Application name**\ Name of the application registration or enterprise application. * **Created**\ When the application was originally created. * **Application owner**\ Indicates whether an owner is assigned (important for accountability). * **Credential type** * Secret * Certificate * **Credential status** * Valid * Expired * **Credential start date**\ When the credential became active. * **Credential end date**\ When the credential expires or expired. * **Credential duration**\ Credential lifetime in days (useful for spotting overly long-lived secrets). * **Enabled**\ Whether the application is enabled. * **App in use**\ Shows whether the application has been used recently.