The way of updating the certificate for the Run As account should be more flexible
Currently, the self-signed certificate that you created for the Run As account expires one year from the date of creation, and the certificate won’t be automatically updated. Although you can set your certificate to expire after a very long time by using Azure PowerShell, some users wonder whether it will be a security issue if such a long-lived certificate leaks. Such users are required to update the certificate every year before it expires. It would be great if the operations to update a certificate could be flexible as follows, so that the users can omit the troublesome procedure of updating the certificate every year.
- Any expiration date can be set from Azure portal
- Add an option of automatic update
We are bringing in support for Managed identity in Azure Automation which would be the recommended way going forward for authentication & get over the issues/overhead associated with managing RunAs cert.
ETA: March-End/Early April CY21.
Eric Knapp commented
Ran into the same issue with a client where the certificate expired. We also would like a notification email indicating it needs to be renewed, perhaps 2 weeks prior or something (?)