How to renew the Client Secret for the Microsoft Entra ID application? There are two ways to renew a Client Secret in Microsoft Entra ID. One way is to use the Microsoft Entra ID admin center, and the other is PowerShell. In this article, we will show how to renew the Client Secret in Microsoft Entra ID in both ways.

Renew Client Secret in Microsoft Entra admin center

To renew the Client Secret in Microsoft Entra ID admin center, follow these steps:

  1. Sign in to the Microsoft Entra admin center
  2. Expand Identity > Applications > App registrations
  3. Click on Owned applications
  4. Select the application
  5. Click on Certificates & secrets > Client secrets > New client secret
  6. Give a description and an expiration for the Client Secret
  7. Click Add

Note: The maximum Client Secret expiration date is 24 months. Even if you select the Custom option, the maximum is 2 years. But with PowerShell, there is no maximum, and you can set any date.

  8. Copy the value

Note: Client secret values cannot be viewed, except for immediately after creation. Be sure to save the Client Secret value when created before leaving the page.

Renew Client Secret in Microsoft Entra ID with PowerShell

To renew the Client Secret with PowerShell, follow the below steps:

  1. Go to the application overview
  2. Copy the Object ID and paste it into Notepad (you will need it later)
  3. Run PowerShell as administrator and install the Microsoft Graph PowerShell modules
Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force

Important: Always install the Microsoft Graph PowerShell and Microsoft Graph Beta PowerShell modules. That’s because some cmdlets are not yet available in the final version, and they will not work. Update both modules to the latest version before you run a cmdlet or script to prevent errors and incorrect results.

  4. Copy and paste the below script into PowerShell.

Note: The script creates a new Client Secret that is valid from the day you run the script for the number of years you specify. You can set the number of years to 999 for an unlimited lifetime.

  5. Paste the Object ID you copied from the previous step on line 5
  6. Fill in the Client Secret description on line 6
  7. Fill in the Client Secret expiration years on line 7
  8. Run the PowerShell script and sign in with your global administrator credentials
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "Application.ReadWrite.All"

# Parameters
$AppObjectId = "14cb53ee-d574-4d43-bbd6-421d51c699e0"
$AppSecretDescription = "PilotNewUnlimited"
$AppYears = 10

$PasswordCred = @{
    displayName = $AppSecretDescription
    endDateTime = (Get-Date).AddYears($AppYears)
}

# Add App Client Secret - Valid for 10 years (change to 999 for unlimited years)
$Secret = Add-MgApplicationPassword -ApplicationId $AppObjectId -PasswordCredential $PasswordCred

# Write Client Secret value
$Secret | Format-List
  9. After you run the script, it shows the SecretText value in the output:
CustomKeyIdentifier  : 
DisplayName          : PilotNewUnlimited
EndDateTime          : 28/02/2034 16:19:26
Hint                 : at8
KeyId                : 9e978668-f554-49a9-88c3-6438ad151612
SecretText           : at88Q~L2d-pQ2_YyefjthuRGYN69_zdhGcdedccs
StartDateTime        : 28/02/2024 16:19:27
AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.passwordCredential]}
  10. Go to the Client Secrets tab and verify that the new client secret appears
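
Adding a new secret does not remove the existing ones, so after a renewal it helps to review every secret on the app registration. The following is an added example, not part of the original article: it classifies client secrets by expiry and flags lifetimes longer than the admin center's 24-month maximum. The function name `Get-ClientSecretAudit`, its thresholds and the `$Sample` data are assumptions made for illustration.

```powershell
# Added example. Get-ClientSecretAudit, its thresholds and $Sample are illustrative assumptions.
function Get-ClientSecretAudit {
    param(
        [Parameter(Mandatory)] [object[]] $PasswordCredentials,
        [datetime] $Now = (Get-Date),
        [int] $WarnDays = 30,           # flag secrets that expire within this many days
        [int] $MaxLifetimeMonths = 24   # admin center maximum mentioned in the article
    )
    $NowUtc = $Now.ToUniversalTime()
    foreach ($Cred in $PasswordCredentials) {
        # Normalise to UTC so values from Graph and the local clock compare correctly
        $Start = ([datetime]$Cred.StartDateTime).ToUniversalTime()
        $End   = ([datetime]$Cred.EndDateTime).ToUniversalTime()

        if ($End -le $NowUtc) { $Status = 'Expired' }
        elseif ($End -le $NowUtc.AddDays($WarnDays)) { $Status = 'ExpiringSoon' }
        else { $Status = 'Active' }

        [pscustomobject]@{
            DisplayName   = $Cred.DisplayName
            KeyId         = $Cred.KeyId
            EndDateTime   = $End
            Status        = $Status
            # One day of slack, because the end date is computed just before the start is stamped
            LongerThanMax = $End -gt $Start.AddMonths($MaxLifetimeMonths).AddDays(1)
        }
    }
}

# Constructed sample shaped like passwordCredentials; the second entry reuses the article's output
# (its times are treated as UTC here). With a live session, use instead:
#   (Get-MgApplication -ApplicationId $AppObjectId -Property passwordCredentials).PasswordCredentials
$Sample = @(
    [pscustomobject]@{ DisplayName = 'PilotOld'; KeyId = '00000000-0000-0000-0000-000000000001'
                       StartDateTime = '2022-03-10T09:00:00Z'; EndDateTime = '2024-03-10T09:00:00Z' }
    [pscustomobject]@{ DisplayName = 'PilotNewUnlimited'; KeyId = '9e978668-f554-49a9-88c3-6438ad151612'
                       StartDateTime = '2024-02-28T16:19:27Z'; EndDateTime = '2034-02-28T16:19:26Z' }
)

Get-ClientSecretAudit -PasswordCredentials $Sample -Now ([datetime]'2024-02-28T17:00:00Z') |
    Format-Table -AutoSize

# When the application has switched to the new secret, the old one can be removed by KeyId:
#   Remove-MgApplicationPassword -ApplicationId $AppObjectId -BodyParameter @{ keyId = '<old KeyId>' }
```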

That’s it!
