Renew Client Secret in Azure AD

How to renew the Client Secret for the Azure AD application? There are two ways to renew a Client Secret in Azure AD. One way is to use the Microsoft Azure portal, and the other is PowerShell. In this article, we will show how to renew the Client Secret in Azure AD in both ways.

Renew Client Secret in Azure AD portal

To renew the Client Secret in Azure AD portal, follow these steps:

1. Sign in to the Microsoft Azure portal.

2. Navigate to Azure Active Directory > App registrations > Owned applications.

3. Select the application.

4. Click on Certificates & secrets > Client secrets > New client secret.

5. Give a description and an expiration for the Client Secret.

Note: The maximum Client Secret expiration in the portal is 24 months. Even if you select the Custom option, the maximum is 2 years. But with PowerShell, there is no maximum, and you can set any date.

6. Copy the value.

Note: Client secret values cannot be viewed, except immediately after creation. Be sure to save the Client Secret value as soon as it is created, before leaving the page.

Renew Client Secret in Azure AD with PowerShell

To renew the Client Secret with PowerShell, follow these steps:

1. Go to the application overview.

2. Copy the Object ID and paste it into Notepad (you will need it later).

3. Run PowerShell ISE as administrator.

4. Copy and paste the script below into PowerShell ISE.

Note: The script creates a new Client Secret that is valid from the day you run the script for the number of years you set. You can adjust it to 999 for a practically unlimited lifetime.

5. Paste the Object ID you copied from the previous step on line 2.

6. Fill in the Client Secret description on line 3.

7. Fill in the Client Secret expiration years on line 4.

8. Run the PowerShell script and sign in with your global administrator credentials.

Note: Ensure that you have the Azure Active Directory PowerShell Module installed.

# Parameters
$AppObjectID = "4e2eb130-820c-4a76-9404-105abc466ec7"
$AppSecretDescription = "Robot 1"
$AppYears = "10"

# Connect to AzureAD
Connect-AzureAD

# Add App Client Secret - Valid for 10 years (change to 999 for unlimited years)
$StartDate = Get-Date
$EndDate = $StartDate.AddYears($AppYears)
$AppClientSecret = New-AzureADApplicationPasswordCredential -ObjectId $AppObjectID -StartDate $StartDate -EndDate $EndDate -CustomKeyIdentifier $AppSecretDescription

# Write Client Secret value
Write-Host $AppClientSecret.Value

9. After you run the script, it will show the Client Secret value as output.

kLJKtcuo0wGHxTtqw4TAJK8QHE2bumy5f0E+eDVNsok=

10. Go to the Client Secrets panel and verify that the new client secret has been added.

That’s it!

Conclusion

You learned how to renew the Client Secret in Azure AD. There is no renewal option, and you must create a new Client Secret. Copy and use the Client Secret value in your PowerShell scripts or applications. Remember to delete any Client Secret that has expired or is about to expire.
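
To find the secrets that need this clean-up, and the ones whose lifetime exceeds the portal's 24-month cap, you can audit an app's secrets with the same AzureAD module. This is an added example, not part of the original article: `Get-SecretStatus`, `$WarnDays` and `$RemoveStale` are hypothetical names, the 30-day threshold is an assumption, and the sample objects are constructed.

```powershell
# Added example: audit the client secrets of one app registration (AzureAD module).
$AppObjectID = ""       # paste the app's Object ID to audit a live app; empty = sample only
$WarnDays    = 30       # hypothetical threshold for "expiring soon"
$RemoveStale = $false   # set to $true to also delete secrets that have expired

function Get-SecretStatus {
    param(
        [Parameter(Mandatory)] $Secret,   # needs KeyId, StartDate and EndDate
        [datetime] $Now = (Get-Date).ToUniversalTime(),
        [int] $WarnDays = 30
    )
    if ($Secret.EndDate -lt $Now) { $status = "Expired" }
    elseif ($Secret.EndDate -lt $Now.AddDays($WarnDays)) { $status = "ExpiringSoon" }
    else { $status = "Valid" }

    [pscustomobject]@{
        KeyId     = $Secret.KeyId
        EndDate   = $Secret.EndDate
        Status    = $status
        # The portal caps lifetime at 24 months; longer ones were set outside it
        LongLived = [bool]($Secret.StartDate -and
                           $Secret.EndDate -gt $Secret.StartDate.AddMonths(24))
    }
}

$now = (Get-Date).ToUniversalTime()

# Constructed sample objects (not real credentials) to show the classification offline
$sample = @(
    [pscustomobject]@{ KeyId = "sample-1"; StartDate = $now.AddYears(-1); EndDate = $now.AddDays(-5) }
    [pscustomobject]@{ KeyId = "sample-2"; StartDate = $now.AddDays(-1);  EndDate = $now.AddYears(10) }
)
$sample | ForEach-Object { Get-SecretStatus -Secret $_ -Now $now } | Format-Table -AutoSize

if ($AppObjectID) {
    Connect-AzureAD | Out-Null
    $report = Get-AzureADApplicationPasswordCredential -ObjectId $AppObjectID |
        ForEach-Object { Get-SecretStatus -Secret $_ -Now $now -WarnDays $WarnDays }
    $report | Format-Table -AutoSize

    if ($RemoveStale) {
        $report | Where-Object Status -eq "Expired" | ForEach-Object {
            Remove-AzureADApplicationPasswordCredential -ObjectId $AppObjectID -KeyId $_.KeyId
        }
    }
}
```

With `$RemoveStale` left at `$false` the script only reports. Before removing a secret marked ExpiringSoon by hand, confirm that the application has been switched to the new secret value.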

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started in Information Technology at a very young age, and his goal is to teach and inspire others.
