APP-02: Enforce Application Credential Expiration
Frequently asked questions about implementing and managing the APP-02 security control in Microsoft 365 and Entra ID.
QWhat is APP-02 (Enforce Application Credential Expiration)?▼
APP-02 is a security control that long-lived or non-expiring secrets are a supply chain attack risk. if a secret is leaked, it remains valid indefinitely. rotating credentials limits the window of exposure from compromised secrets. It requires that all application secrets (client secrets) have expiration dates and maximum secret lifetime is 12 months or less, certificate-based authentication is preferred over secrets, no non-expiring secrets exist.
QWhy is Enforce Application Credential Expiration important for Microsoft 365 security?▼
Long-lived or non-expiring secrets are a supply chain attack risk. If a secret is leaked, it remains valid indefinitely. Rotating credentials limits the window of exposure from compromised secrets.
QHow do I implement APP-02 in my tenant?▼
APP-02 requires manual implementation. Review and update application credentials
QWhat license do I need for APP-02?▼
This control can be implemented with any Microsoft 365 subscription, including free Azure AD.
QWhich security baseline includes APP-02?▼
APP-02 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.
QWhy is APP-02 marked as critical severity?▼
APP-02 is rated critical because failure to implement this control significantly increases the risk of security incidents. Long-lived or non-expiring secrets are a supply chain attack risk. If a secret is leaked, it remains valid indefinitely. Rotating credentials limits the window of exposure from compromised secrets.
6
Questions
1
Related Controls
—
Categorized
Related Resources
Still have questions?
Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.
Start Free Trial