RileyS on Mon, 15 Feb 2016 01:09:20
1) Why is there a two-year limit for the certificate?
2) What happens at the end of the two years and what needs to be done to continue?
Thomas W Shinder - MSFT on Mon, 15 Feb 2016 14:32:17
Hi Riley -
The two year limit is discussed in this PKI best practices article on the Azure Security blog:
Let me see what I can find out regarding details of what you need to do prior to certificate expiration.
BrettBartrum on Fri, 02 Dec 2016 18:56:50
Any update on what to do when the Azure AD Application (AAD) client secret expires? Thomas, could you dive into some more detail on how this functions? I want to make sure I understand how this technology works. From my understanding:
Keyvault has access to the Azure AD Application via Set-AzureRmKeyVaultAccessPolicy
Azure VMs gain access to the Key Vault via the AAD Client ID/Secret (secret expires in 1-2 years)
Keyvault will store and respond with Bitlocker keys (Never Expires)
So if my understanding is correct, a new client secret will need to be generated and assigned to the BitLocker VMs. Otherwise the VMs won't boot after AAD key expiration?
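For readers following the three-step flow above, here is an added PowerShell example (not part of the thread, and not Microsoft's own script) showing how an operator can inspect the expiry dates of the AAD application's credentials, add a replacement credential with an explicit end date, and confirm that the Key Vault access policy for that application is limited to the permissions disk encryption needs. The application display name, vault name, and the 30-day warning window are assumptions; the AzureRM cmdlets used (Get-AzureRmADApplication, Get-AzureRmADAppCredential, New-AzureRmADAppCredential, Get-AzureRmKeyVault, Set-AzureRmKeyVaultAccessPolicy) exist in the AzureRM module of that era, but the type of the -Password parameter (plain String in early versions, SecureString in later ones) depends on the installed AzureRM.Resources version.

```powershell
# Added example, not from the original thread. Requires an authenticated AzureRM session
# (Login-AzureRmAccount) and the AzureRM.Resources / AzureRM.KeyVault modules.

$appDisplayName = 'ade-keyvault-app'   # assumption: display name of the AAD application
$vaultName      = 'my-ade-vault'       # assumption: Key Vault holding the BitLocker keys
$warnDays       = 30                   # assumption: flag credentials expiring within 30 days

# 1) Locate the AAD application that the VMs authenticate as.
$app = Get-AzureRmADApplication -DisplayNameStartWith $appDisplayName | Select-Object -First 1
if (-not $app) { throw "No AAD application matching '$appDisplayName' was found" }

# 2) Report every credential and how long until it expires. Password credentials (client
#    secrets) and certificate credentials are both listed, with their EndDate.
$now   = Get-Date
$creds = Get-AzureRmADAppCredential -ApplicationId $app.ApplicationId
foreach ($c in $creds) {
    $daysLeft = [int]($c.EndDate - $now).TotalDays
    $state    = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -le $warnDays) { 'EXPIRING' } else { 'ok' }
    '{0,-10} KeyId={1} Type={2} EndDate={3:yyyy-MM-dd} DaysLeft={4}' -f $state, $c.KeyId, $c.Type, $c.EndDate, $daysLeft
}

# 3) If any credential is expired or about to expire, add a new client secret with an explicit
#    one-year lifetime. The old credential is left in place so running VMs keep working until
#    the new secret has been rolled out to them; remove it afterwards with
#    Remove-AzureRmADAppCredential -ApplicationId <id> -KeyId <old KeyId>.
$needsRotation = $creds | Where-Object { ($_.EndDate - $now).TotalDays -le $warnDays }
if ($needsRotation) {
    # Generate a random secret locally rather than typing one in; the value is only shown once.
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $newSecret = [Convert]::ToBase64String($bytes)

    # Assumption: newer AzureRM versions require a SecureString here; older ones take a String.
    $securePwd = ConvertTo-SecureString $newSecret -AsPlainText -Force
    $newCred = New-AzureRmADAppCredential -ApplicationId $app.ApplicationId `
                                          -Password $securePwd `
                                          -EndDate $now.AddYears(1)
    Write-Output "New credential KeyId=$($newCred.KeyId) valid until $($newCred.EndDate)"
    Write-Output "Store the new secret in your secret store now; it cannot be read back from AAD."
}

# 4) Verify the vault's access policy for this application. Disk encryption only needs the
#    application to wrap keys and write secrets, so anything broader (e.g. 'all') is a finding.
$vault  = Get-AzureRmKeyVault -VaultName $vaultName
$policy = $vault.AccessPolicies | Where-Object { $_.ApplicationId -eq $app.ApplicationId }
if (-not $policy) {
    Write-Output "No access policy for $appDisplayName on $vaultName; granting least-privilege policy"
    Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName `
                                    -ServicePrincipalName $app.ApplicationId `
                                    -PermissionsToKeys wrapKey `
                                    -PermissionsToSecrets set
} else {
    'Keys:    {0}' -f ($policy.PermissionsToKeys -join ',')
    'Secrets: {0}' -f ($policy.PermissionsToSecrets -join ',')
}
```

Run it in a session that has Key Vault and AAD read rights; step 3 only executes when a credential is inside the warning window, and the printed EndDate values are what to put into whatever expiry-monitoring you already have, since a lapsed secret stops the VM from retrieving its BitLocker key at the next boot.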