Kind of reverse engineering the Microsoft Graph API it is helpful to observe what the Azure CLI is doing under the hood, e.g.
$ az ad sp credential list --id $AZURE_CLIENT_ID --debug
...
# Find Service Principal by App Id (or Name) to get {sp_id} ...
msrest.http_logger: Request URL: 'https://graph.windows.net/.../servicePrincipals?$filter=servicePrincipalNames/any(c:c eq '{app_id}')'
# Retreive the Service Principal
msrest.http_logger: Request URL: '.../servicePrincipals/{sp_id}'
# Retreive application by appId
msrest.http_logger: Request URL: '/applications?$filter=appId eq {app_id}'
# Retreive credentials by application ${object_id}
msrest.http_logger: Request URL: '/applications/{object_id}/passwordCredentials- Supported metrics with Azure Monitor
- Microsoft Graph Core Python Client Library (preview)
- Azure Identity client library for Python
- az ad sp credential list
- List servicePrincipals
- Azure AD & Microsoft Graph permission scopes, with Azure CLI
- Creating a Self-Signed Certificate With OpenSSL
- How can I tell when a Azure AD client secret expires?
- Alert on Client Secret Key Expiry for App registration
- Security Graph API and getting alerts
- Azure/azure-service-operator for Kubernetes
- webdevops/azure-metrics-exporter - great, maps to Azure metrics to Prometheus metrics. However App registrations have no metrics
- RobustPerception/azure_metrics_exporter - againa: resources only, no apps
- Grafana Azure Monitor data source has no option for app registrations or service principals
- Reading Application details using Terraform