Is it possible to determine which resource (API, app service, application) is using an expired client secret? The app registration to which the expired client secret belongs has multiple valid client secrets, but I don't know which resource is using the expired client secret.
I tried to manually look into the logic apps, the Key Vault, etc.
As I mentioned in comments, to determine which resource is using an expired client secret, you can check the Azure AD sign-in logs to see which applications are failing to authenticate. You can also check the Azure AD audit logs to see which applications are using the expired client secret.
The same way for the audit log.
Additionally, you can use Azure Log Analytics to query for your requirement.
To search for the expired client secret issue, you will want to look for failed sign-ins related to the service principal (application). Here's a query that should help you identify failed sign-ins potentially due to an expired client secret:
This query will list the failed sign-in attempts for the application specified by the `<App Registration Application (client) ID>`. Be sure to replace `<App Registration Application (client) ID>` with your actual Application ID.
Or you don't even have to go that critical and simply use
and then export it to Excel and filter on the failure reason.
The `ResultType` field is used here to filter out successful sign-ins; typically, `0` indicates success, so any non-zero `ResultType` could indicate a failure, which might be due to the expired client secret. `ResultDescription` should give you more information about why the sign-in attempt failed.
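A Log Analytics query of the kind described above, as an added example that is not part of the original answer. It assumes service principal sign-in logs are sent to the workspace (table `AADServicePrincipalSignInLogs`); the 30-day window is an arbitrary choice, and the breakdown by credential key ID and caller IP goes beyond what the answer shows.

```kusto
// Added example, not the answerer's query.
// Assumes the AADServicePrincipalSignInLogs table is populated in this workspace.
let appId = "<App Registration Application (client) ID>";
AADServicePrincipalSignInLogs
| where TimeGenerated > ago(30d)                  // assumed lookback window
| where AppId == appId
| where ResultType != "0"                         // "0" = success, anything else failed
// AADSTS7000222 is the error returned when the presented client secret has expired
| extend ExpiredSecret = (ResultType == "7000222")
| summarize Failures     = count(),
            FirstSeen    = min(TimeGenerated),
            LastSeen     = max(TimeGenerated),
            SampleReason = take_any(ResultDescription)
    by ServicePrincipalCredentialKeyId,           // which secret/certificate was presented
       IPAddress,                                 // where the caller is coming from
       ResourceDisplayName,                       // which API the caller asked a token for
       ResultType,
       ExpiredSecret
| order by ExpiredSecret desc, LastSeen desc
```

Where `ServicePrincipalCredentialKeyId` is populated, it can be compared with the Secret ID shown for each secret on the app registration; the `IPAddress` and `ResourceDisplayName` columns then narrow down which caller still presents that secret.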