Alerts about certificate events and issues in your Microsoft Azure configuration.
The Microsoft Azure Certificate Event Monitor checks certificates in your Microsoft Azure key vaults and sends you alerts if the certificates are due to expire in a specified number of days.
This event monitor provides the following options:
Use this option to alert you if the event monitor is unable to connect to Microsoft Azure. Reasons for a failure to connect include invalid security tokens and loss of external network access.
This option will send you an alert of your choice of urgency if the event monitor detects certificates that are new since the last time the event monitor ran.
When you enable this option, you'll receive an alert of your choosing if the event monitor detects one or more expired certificates.
Here, you can specify how many days before a certificate expiry you'd like to receive each level of alert.
Checking this box lets you filter out older alerts about certificates that have already expired.
This option will send you alerts about certificates that expire later than expected so you can investigate why.
This option lets you include a table of all certificates in the event text generated each time the event monitor runs.
This option lets you include all certificates in the table generated each time the event monitor runs.
This option lets you include all valid certificates in the table the event monitor generates.
This option allows you to receive a list of all expired certificates in the event text generated each time the event monitor runs.
This option, when selected, includes a list of any certificates due to expire in the 30 days following each event monitor run.
Enter one name per line of the key vaults you want to selectively check. Leave blank to check all key vaults.
Enter one name per line of the key vaults you want to ignore.
Enter one name per line of the certificates you want the event monitor to ignore.
First, you'll need to create an app registration to add to your event monitor's authentication profile. Information on how to do this can be found in our "Creating an Azure Authentication Profile" article.
Your event monitor will also need Reader permissions at the subscription level. To configure this, go to your Azure portal and click Subscriptions > [Your Subscription] > Access Control (IAM) > Add Role Assignment, then search for "Reader". Then, add your app registration as a member and click "Review and Assign".
You'll also need to add the "Key Vault Reader" role assignment at the resource group level. To do this, search for "resource" and click on the "Resource Group" option that shows up. Choose the resource group and key vaults you want to use. It's good practice to specify each key vault you want to monitor in the event monitor, otherwise you'll have to do the aforementioned configuration for each key vault in your Azure environment. This event monitor also needs "Get" and "List" certificate permissions on each key vault.
This event monitor generates the following data points:
|Certificates||The current number of certificates.|
Add a comment