My Technical Preview lab (TP2101) had a message in the ConfigMgr console informing me that:
“One or more Azure AD app secrets used by Cloud Services will expire soon. Renew to avoid service disruption.”
After some quick research I found this.
You need to renew the Azure AD app’s secret key before the end of its validity period. If you let the key expire, Configuration Manager can’t authenticate with Azure AD, which will cause your connected Azure services to stop working.
Starting in version 2006, the Configuration Manager console displays notifications for the following circumstances:
- One or more Azure AD app secret keys will expire soon
- One or more Azure AD app secret keys have expired
To mitigate both cases, renew the secret key.
For more information on how to interact with these notifications, see Configuration Manager console notifications.
That sounded pretty drastic so I clicked on the Renew secret link in the notification. This revealed my Secret Key Expiry (UTC) dates.
“Failed to renew the secret key for AAD server application. The remote server returned an error: (403) Forbidden.”
So I retried the action as an account that had an Azure Global Admin role; this time, all was good.
Note: According to Microsoft here, the permissions needed are: “Enter the credentials of either the app owner or an Azure AD administrator”
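
To catch expiring secrets before the console notification appears, the following added example (not from the original post or from Microsoft) classifies app secrets by expiry date. The function name, the 30-day threshold and the sample app are assumptions; the input shape follows what `Get-MgApplication` from the Microsoft Graph PowerShell SDK returns.

```powershell
# Added example (not from the original post): flag Azure AD app secrets that are
# expired or close to expiry, mirroring the two console notifications.
# Assumption: inputs look like Get-MgApplication output (DisplayName, AppId,
# PasswordCredentials[].KeyId / .EndDateTime, with EndDateTime in UTC).
function Get-AppSecretExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Application,
        # Assumption: the post does not define "soon"; 30 days is a placeholder.
        [int]$WarningDays = 30,
        [datetime]$Now = [datetime]::UtcNow
    )
    process {
        foreach ($app in $Application) {
            foreach ($cred in @($app.PasswordCredentials)) {
                # Apps without secrets yield a single $null here; skip it.
                if ($null -eq $cred -or $null -eq $cred.EndDateTime) { continue }
                $end = [datetime]$cred.EndDateTime
                $daysLeft = [math]::Floor(($end - $Now).TotalDays)
                $status = if ($end -le $Now) { 'Expired' }
                    elseif ($daysLeft -lt $WarningDays) { 'ExpiringSoon' }
                    else { 'OK' }
                [pscustomobject]@{
                    App = $app.DisplayName; AppId = $app.AppId; KeyId = $cred.KeyId
                    ExpiresUtc = $end; DaysLeft = $daysLeft; Status = $status
                }
            }
        }
    }
}

# Constructed sample data (hypothetical app and key ids) so the script runs offline.
$utc = [DateTimeKind]::Utc
$now = [datetime]::new(2021, 2, 1, 0, 0, 0, $utc)
$sample = [pscustomobject]@{
    DisplayName = 'ConfigMgr Server App (constructed)'
    AppId       = '00000000-0000-0000-0000-000000000001'
    PasswordCredentials = @(
        [pscustomobject]@{ KeyId = 'key-a'; EndDateTime = [datetime]::new(2021, 1, 10, 0, 0, 0, $utc) }
        [pscustomobject]@{ KeyId = 'key-b'; EndDateTime = [datetime]::new(2021, 2, 15, 0, 0, 0, $utc) }
        [pscustomobject]@{ KeyId = 'key-c'; EndDateTime = [datetime]::new(2022, 2, 1, 0, 0, 0, $utc) }
    )
}
$sample | Get-AppSecretExpiryStatus -Now $now | Where-Object Status -ne 'OK' | Format-Table

# Against a real tenant (read-only; renewal still needs the app owner or an admin):
#   Connect-MgGraph -Scopes 'Application.Read.All'
#   Get-MgApplication -All | Get-AppSecretExpiryStatus
```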