Check for AAD App registration secret expiration

Usage If checked, WPO365 will not attempt to check the expiration date of each Application (client) secret that you may have configured.


Important Once an Application (Client) Secret expires, it cannot be used anymore. If expired, users will be unable to sign in with their Microsoft account, and WPO365 will be unable to send WordPress emails using Microsoft Graph. Therefore, if you choose to uncheck this option, please ensure you have measures in place to notify you before a secret expires.

Please perform the following steps to enable WPO365 to regularly read the expiration date of an App Registration's secret.

  • Locate the View in Azure Portal link on any of the following WPO365 configuration pages: Mail, Single Sign-On or Integration. This will take you to the App Registration in question in https://portal.azure.com.
  • Continue to the registered App Registration's API Permissions page.
  • Click + Add a permission.
  • Select Microsoft Graph.
  • Select Application permissions.
  • Scroll down to > Application and add Application.Read.All.
  • Click Add permission.
  • Finally click the Grant admin consent for … link next to the + Add a permission link just above the list of already added permissions.
  • Continue to WP Admin > WPO365 > Integration.
  • Locate the section Application Access and check the option (if not already checked) to Use app-only token.
  • If you have already configured SSO and granted the permissions Application.Read.All to the same App Registration in Entra ID, click Use existing App registration From the Single Sign-on tab. Otherwise enter the Application (Client) ID and Secret manually.
  • Once you saved the configuration and unchecked the option to Skip check for Application (Client) Secret expiration, WPO365 will start monitoring the expiration dates of all the Application (Client) Secrets that you have configured for use with WPO365.

Also see the following video tutorial for help.


Tip To renew a secret, simply navigate to the App Registration in Entra ID, e.g. by following the View in Azure Portal link. Continue to the Certificates & secrets page, and click + New client secret. After you created a new secret, copy its Value (not the ID), and paste it in the corresponding field on the WPO365 configuration page in question. Lastly, save the updated configuration.

Please note WPO365 will check once per day whether any of the application / client secrets is about to expire within the next 30 days. To do so, WPO365 creates a new so-called WP Cron job. WP Cron jobs do not run continuously and that makes them unreliable. The good news is, that you can improve this in several ways. We have documented one solution to hook WP Cron into a task scheduling service. However, you can first install – for example – WP Crontrol and observe whether your WP Cron jobs are being regularly executed.

Default Checked

Versions LOGIN, MICROSOFT GRAPH MAILER

Path WP Admin > WPO365 > Single Sign-on / Mail / Integration

Visit the website https://www.wpo365.com/

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us