Applications with long-lived credentials
Detects application secrets or certificates with a lifetime greater than 2 years.
How to fix it
Rotate credentials at least annually. Prefer certificates over client secrets and use managed identities where possible.
Required Microsoft Graph permissions
EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:
Directory.Read.All
Application.Read.All
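The check described above, sketched as an added example (this is not EntraAnalyzer's own code): it walks application objects in the shape Microsoft Graph returns from /applications and flags every secret or certificate whose lifetime exceeds two years. The 730-day reading of "2 years", the function names and the sample tenant data are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=730)  # assumption: "2 years" read as 730 days

def parse_graph_time(value):
    """Parse a Graph UTC timestamp; tolerates 'Z' and 7-digit fractional seconds."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.\d+)?(?:Z|\+00:00)?", value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def long_lived_credentials(apps, max_lifetime=MAX_LIFETIME):
    """Return one finding per secret or certificate whose lifetime exceeds max_lifetime."""
    findings = []
    for app in apps:
        for kind, field in (("secret", "passwordCredentials"), ("certificate", "keyCredentials")):
            for cred in app.get(field) or []:
                start, end = cred.get("startDateTime"), cred.get("endDateTime")
                if not start or not end:
                    continue  # lifetime cannot be computed from this record; skipped here
                lifetime = parse_graph_time(end) - parse_graph_time(start)
                if lifetime > max_lifetime:
                    findings.append({"app": app.get("displayName"), "appId": app.get("appId"),
                                     "kind": kind, "keyId": cred.get("keyId"),
                                     "lifetime_days": lifetime.days})
    return findings

# Constructed sample data in the shape of the "value" array of a Graph /applications response.
SAMPLE_APPS = [
    {"displayName": "payroll-sync", "appId": "00000000-0000-0000-0000-000000000001",
     "passwordCredentials": [
         {"keyId": "k1", "startDateTime": "2023-01-01T00:00:00Z", "endDateTime": "2033-01-01T00:00:00Z"}],
     "keyCredentials": []},
    {"displayName": "build-agent", "appId": "00000000-0000-0000-0000-000000000002",
     "passwordCredentials": [
         {"keyId": "k2", "startDateTime": "2024-03-01T00:00:00.1234567Z", "endDateTime": "2025-03-01T00:00:00Z"}],
     "keyCredentials": [
         {"keyId": "k3", "startDateTime": "2022-06-01T00:00:00Z", "endDateTime": "2025-06-01T00:00:00Z"}]},
]

if __name__ == "__main__":
    for f in long_lived_credentials(SAMPLE_APPS):
        print(f"{f['app']}: {f['kind']} {f['keyId']} valid for {f['lifetime_days']} days")
```

Feeding it the real `value` array from a Graph export gives the list of credentials to rotate first, sorted however you like by `lifetime_days`.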
Run this check on your tenant
EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.