We have an application that has a service principal configured in order to grant access to azure resources. This service principal has a password configured with an expiration.
We want to configure our application to be aware of its service principal's credential (password) expiration date. What is the best way to grant a service principal access to its own expiration date?
By default this is not allowed.
az ad app show --id xxxxxxxxxx
Insufficient privileges to complete the operation.
But we can enable some API permissions (legacy Azure Active Directory Graph / Directory.Read.All) and it works, but this seems too open.
Is there any way to grant access to see only data from its own application id? What is the best way to do this?
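An added example, not part of the question above: once the application object has been obtained (for instance from `az ad app show --id <APP_ID>`, which on Microsoft Graph based CLI versions returns a `passwordCredentials` array whose entries carry `startDateTime`/`endDateTime`), the expiry check itself is straightforward. The script below parses such JSON, classifies every password credential as expired, expiring or ok against a warning window, and flags when none of them is safely valid so a rotation alert can be raised. The JSON is a constructed sample with made-up values; the function and constant names are my own, and the script says nothing about which Graph permission to grant, which is the open part of the question.

```python
import json
from datetime import datetime, timezone


def parse_graph_datetime(value: str) -> datetime:
    """Parse an ISO-8601 timestamp as emitted by Microsoft Graph / az CLI.

    Graph uses a trailing 'Z' and may emit up to 7 fractional-second digits,
    which datetime.fromisoformat() (before Python 3.11) rejects, so the value
    is normalised to '+00:00' and microsecond precision first.
    """
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    if "." in value:
        main, rest = value.split(".", 1)
        digits = ""
        i = 0
        while i < len(rest) and rest[i].isdigit():
            digits += rest[i]
            i += 1
        value = f"{main}.{digits[:6]}{rest[i:]}"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:  # be defensive: treat naive values as UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def credential_status(app: dict, now: datetime, warn_days: int = 30) -> list:
    """Classify each password credential of an application object.

    Returns one dict per credential with its name, keyId, end date, whole
    days remaining (negative if already past) and a state of
    'expired', 'expiring' (within warn_days) or 'ok'.
    """
    report = []
    for cred in app.get("passwordCredentials", []):
        end = parse_graph_datetime(cred["endDateTime"])
        days_left = (end - now).total_seconds() / 86400
        if days_left <= 0:
            state = "expired"
        elif days_left <= warn_days:
            state = "expiring"
        else:
            state = "ok"
        report.append({
            "displayName": cred.get("displayName"),
            "keyId": cred.get("keyId"),
            "endDateTime": end.isoformat(),
            "days_left": int(days_left),
            "state": state,
        })
    return report


def needs_rotation(report: list) -> bool:
    """True when no credential is comfortably outside the warning window."""
    return not any(entry["state"] == "ok" for entry in report)


def check_app_secrets(app_json_text: str, now: datetime, warn_days: int = 30) -> list:
    """Convenience wrapper: raw JSON text from `az ad app show` -> status report."""
    return credential_status(json.loads(app_json_text), now, warn_days)


# Constructed sample in the shape of `az ad app show` / Graph 'application'
# output. IDs, names and dates are invented for this example; note that Graph
# never returns the secret value itself here, only its metadata.
SAMPLE_APP_JSON = """
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "example-app",
  "passwordCredentials": [
    {"displayName": "old-secret",
     "keyId": "11111111-1111-1111-1111-111111111111",
     "startDateTime": "2022-01-01T00:00:00Z",
     "endDateTime": "2023-01-01T00:00:00Z"},
    {"displayName": "current-secret",
     "keyId": "22222222-2222-2222-2222-222222222222",
     "startDateTime": "2023-06-30T00:00:00Z",
     "endDateTime": "2024-06-30T00:00:00.1234567Z"}
  ]
}
"""

# Fixed "current time" so the demonstration is reproducible (constructed).
DEMO_NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)


if __name__ == "__main__":
    status = check_app_secrets(SAMPLE_APP_JSON, now=DEMO_NOW, warn_days=30)
    for entry in status:
        print(f"{entry['displayName']:>15}: {entry['state']:<8} "
              f"({entry['days_left']} days left, ends {entry['endDateTime']})")
    if needs_rotation(status):
        print("ALERT: no password credential is valid beyond the warning window")
```

In a real deployment `now` would be `datetime.now(timezone.utc)` and the JSON would come from the CLI or a Graph call made by whatever identity the asker eventually settles on; the parsing and the rotation decision do not change.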