When I use the provisioning api for Office 365 (via connect-msolservice or via https://provisioningapi.microsoftonline.com/provisioningwebservice.svc) I am using a user name and password. When I connect, I automate using powershell or via the web service and to office 365 deployment stuff (like federating/unfederating a local domain.)
The problem I am facing is that passwords will eventually expire and my service will be disrupted. I am looking for a way to prevent this. Question is:
- Can I use Service Principal Names (say belonging to the "Company Administrator" role) to connect to the provisioning api? (ie, like the Graph APIs uses SPNs) Basically substitute the user/password with the service principal/password? I think SPNs password have a longer duration so I don't worry about password expiration.
-if this is not possible, is there a way to query, given an account in Office 365/Azure AD, if it's password is about to expire?
Thanks Den H.
