What is a one sentence summary of your feature request?
Creation of Entra ID Application Objects (App Registrations) should be more automated
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Three of the products I support, Netwrix Auditor, Netwrix 1Secure, and Netwrix Data Classification, all require Application Objects and Service Principals for querying Microsoft Azure’s various APIs for the purposes of data collection and auditing. The process of setting up the Application Objects, provisioning all of the API permissions, granting admin consent, generating the App Secrets (or TLS certificates as the case may be), and then entering all of this information into our products is time-consuming, is prone to normal human error, and is a driver of Support Tickets. This is especially true given that the best practice is to have one Application Object per data source, per product. A customer who is auditing Entra ID, Exchange Online, SharePoint Online, and Microsoft Teams would have to create four total for Netwrix Auditor, and three for 1Secure as Teams is not yet supported.
A tool or a feature built into the products that automates this process would be very helpful for our customers.
The tool should take customer credentials (with the appropriate roles and permissions), the product being used, and the data source as input.
The tool should enter meaningful names for the Application Object and any other objects, so customers may easily identify them.
The tool should output:
-Results of the request (success, fail, error messages, etc.)
-Tenant ID
-Application ID
-App Secret (if applicable)
-TLS certificate (if applicable)
-Expiration date of App Secret and/or TLS certificate (if applicable).
How do you currently solve the challenges you have by not having this feature?
The Application Objects are either created manually on the Azure or Entra ID portals following our documentation.
Years ago, I discovered that the API permission provisioning process could be automated somewhat by pasting in those API permissions from the Application Manifest of a known working Application Object. This was provided to our documentation team for Auditor, but it is not known how often customers utilize this. This can provide significant time savings, but I believe we can do better.