Learning and Sharing

How to Create an Unlimited Client Secret in Microsoft Entra ID

May 20, 2024

Creating a Client Secret in the Microsoft Entra admin center usually comes with an expiration date of up to two years. Managing and renewing this Client Secret biennially can be a tedious task. It would be convenient if one could create a Client Secret that does not expire. This article will walk you through the steps to create a perpetual Client Secret in Entra ID using PowerShell.

Client Secret in Entra ID

Credentials allow an application to authenticate on its own, removing the need for user interaction at runtime. For simplicity, this article uses a Client Secret added to the app registration as the credential.

To create a client secret for an application, you can either generate it through the application’s settings in the Azure portal or use PowerShell for a more automated approach.

  1. The validity period for a Client Secret in Entra ID is capped at a maximum of 24 months.
  2. Creating a Client Secret with PowerShell for an unlimited duration is possible. To achieve this, you must use a PowerShell script that sets the expiration date to an indefinite period, bypassing the standard 24-month limitation set by the Microsoft Entra ID portal.

If you have a Client Secret for an application in Entra ID and need to renew it, there is no need to create a new one. A PowerShell script can be used to generate a Client Secret without any limitations.

Register an application in Entra ID

How to register an application in the Microsoft Entra admin center.

1. Go to the Microsoft Entra admin center, then sign in to Microsoft Azure with your admin credentials.

2. Expand the Applications menu > Click App registrations > New registration.


3. Register an application

  • Choose a name for your application that meets your criteria.
  • Select Accounts in this organizational directory only – (Single tenant)
  • Click Register

Once the app is created, navigate to the Overview page and copy the Object ID. Then, paste this ID into Notepad; you will need it later for creating an unlimited Client Secret using PowerShell.


Create a Client Secret for application in Entra ID (Optional)

Note: The expiration date for a Client Secret is capped at 24 months (2 years). In Entra ID, it's not possible to select an expiration period beyond this when creating or renewing a Client Secret. However, PowerShell allows an expiration date to be set without any limit.

To generate a Client Secret for your application in Entra ID, you should perform the following steps:

  1. Click on Certificates & secrets
  2. Click Client secrets > New client secret
  3. Type the description
  4. Select an expiration date
  5. Click Add

6. Copy the Client Secret value and ensure it is securely stored.

Note: Client secret values cannot be viewed except immediately after creation. Remember to save the secret when it is created, before leaving the page.

Create a never-expired client secret with PowerShell

Once you have registered an application, it is possible to generate a Client Secret that has no expiration date by utilizing PowerShell.

1. Launch Windows PowerShell (Terminal) with administrative privileges and execute the following command to install the necessary Microsoft Graph PowerShell module.

Install-Module Microsoft.Graph.Applications -Scope CurrentUser

2. Copy the script below and paste it into your preferred text editor. Remember to replace the Object ID you copied previously during the app registration process.

# Connect to Microsoft Graph
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Parameters
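$AppObjectId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"   # Object ID copied from the app's Overview page
$AppSecretDescription = "Never expired client secret"
$AppYears = 50   # number of years added to today's date (integer, as AddYears expects)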

$PasswordCred = @{
    displayName = $AppSecretDescription
    endDateTime = (Get-Date).AddYears($AppYears)
}

# Add App Client Secret - Valid for 50 years (change to 999 for unlimited years)
$Secret = Add-MgApplicationPassword -ApplicationId $AppObjectId -PasswordCredential $PasswordCred

# Write Client Secret value
$Secret | Format-List

3. Your code is ready. Copy and paste it into the PowerShell window, then sign in with your global administrator credentials.

4. Select Consent on behalf of your organization, then click the Accept button.


5. The PowerShell output will show the SecretText (Client Secret Value). Make sure to copy the SecretText (Client Secret Value) and save it in a secure location.

PS C:\> $Secret | Format-List

CustomKeyIdentifier  :
DisplayName          : Never expired client secret
EndDateTime          : 1/19/2074 3:00:18 AM
Hint                 : tFs
KeyId                : 9fffb36d-788d-437f-b10b-f986e5fd0a47
SecretText           : tFs8Q~VJBO8Yrgq6gFxexUfyLRWuIfAXin7jYbKl
StartDateTime        : 1/19/2024 3:00:20 AM
AdditionalProperties : {[@odata.context,
                       https://graph.microsoft.com/v1.0/$metadata#microsoft.graph....]}

Note: Client secret values are only visible immediately after their creation. Ensure you save the secret before closing the PowerShell window.

6. Go to the Microsoft Entra admin center to verify the secret has been created.


The new Client Secret has been created and will expire after 50 years. You have successfully configured a Client Secret for your Microsoft Azure application that, for practical purposes, does not expire.
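
Because a secret created this way is never rotated by expiry, it helps to be able to list every secret in the tenant that exceeds the 24-month portal cap. The following is an added example, not part of the original article: Find-LongLivedSecret, its parameters and the sample objects are hypothetical names and constructed values; only Connect-MgGraph and Get-MgApplication in the trailing comment are real cmdlets.

```powershell
# Added example: flag client secrets whose lifetime exceeds the 24-month portal cap.
# Find-LongLivedSecret is a hypothetical helper name, not a Microsoft Graph cmdlet.
function Find-LongLivedSecret {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Application,
        [int]$MaxMonths = 24,
        [datetime]$Now = (Get-Date)
    )
    process {
        foreach ($cred in $Application.PasswordCredentials) {
            if (-not $cred.EndDateTime) { continue }   # nothing to measure
            # Fall back to "now" when the start date is missing
            $start = if ($cred.StartDateTime) { [datetime]$cred.StartDateTime } else { $Now }
            $end   = [datetime]$cred.EndDateTime
            # One day of slack so secrets created at exactly the cap are not flagged
            if ($end -le $start.AddMonths($MaxMonths).AddDays(1)) { continue }
            [pscustomobject]@{
                AppDisplayName = $Application.DisplayName
                AppObjectId    = $Application.Id
                SecretName     = $cred.DisplayName
                KeyId          = $cred.KeyId
                EndDateTime    = $end
                LifetimeYears  = [math]::Round(($end - $start).TotalDays / 365.25, 1)
                Expired        = $end -lt $Now
            }
        }
    }
}

# Constructed sample input shaped like Get-MgApplication output (all values made up).
$sample = @(
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000001'; DisplayName = 'demo-portal-app'
        PasswordCredentials = @([pscustomobject]@{ DisplayName = 'portal secret'
            KeyId = '11111111-1111-1111-1111-111111111111'
            StartDateTime = [datetime]'2024-01-19'; EndDateTime = [datetime]'2026-01-19' }) }
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000002'; DisplayName = 'demo-script-app'
        PasswordCredentials = @([pscustomobject]@{ DisplayName = 'Never expired client secret'
            KeyId = '22222222-2222-2222-2222-222222222222'
            StartDateTime = [datetime]'2024-01-19'; EndDateTime = [datetime]'2074-01-19' }) }
)
$sample | Find-LongLivedSecret | Format-Table AppDisplayName, SecretName, LifetimeYears, EndDateTime

# Against a real tenant, a read-only scope is enough:
# Connect-MgGraph -Scopes 'Application.Read.All'
# Get-MgApplication -All -Property Id,DisplayName,PasswordCredentials | Find-LongLivedSecret
```

Only the second sample application is reported, since its secret runs 50 years against a 24-month threshold.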

Conclusion

This guide walked you through the process of creating a non-expiring Client Secret in Entra ID using PowerShell, thus removing the need to renew the Client Secret periodically.
