How to renew a Client Secret in SharePoint Online using PowerShell?

Requirement: Renew a client secret in SharePoint Online.

How to Extend the Validity of a Client Secret in SharePoint Online?

Any Client ID (or App ID) and client secret registered through SharePoint Online’s /_layouts/15/AppRegNew.aspx has the validity of 1 year, and there are ways to renew the client secret from the web user interface (as of today!). You may start to see 401 unauthorized errors if the given client secret is expired, and applications/add-ins that use the specific expired client secret will stop working!

how to renew client secret in sharepoint online

PowerShell to renew client secret SharePoint Online

Assuming you have AzureAD PowerShell module installed, Here is the PowerShell script to extend the validity of a given App’s client secret by 10 years. Few notes:

  • Login as a Tenant Administrator when prompted
  • Make sure you set the $AppName according to your requirement.
  • Set the $EndDate parameter to set when the client secret will expire.
$AppName = "File Server Sync Utility"

#Connect to AzureAD
Connect-AzureAD -Credential (Get-Credential)

#Get the Client ID
$App = Get-AzureADServicePrincipal -All $true |  Where-Object {$_.DisplayName -eq $AppName} # Or {$_.AppID -eq '4562ff5a-568c-45a1-a4da-18d64c359ec2'}

#Get the Current Expiry Date
$CurrentExpiryDate = (Get-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId).EndDate
Write-host "Current Expiry Date:"$CurrentExpiryDate

#Extend the validity of the App by 10 years
$StartDate = Get-Date
$EndDate = $StartDate.AddYears(10)
New-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId -StartDate $StartDate -EndDate $EndDate

The above PowerShell extends the validity of the existing client secret! In other words, the same client secret will be generated with a new expiration date. What If you want to replace the existing client secret (or Password) with a new one?

New-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId -StartDate $StartDate -EndDate $EndDate -Value "MyNewClientSecretGoesHere"

Now, You can validate the Client ID and Client Secret by connecting to SharePoint Online:

#Connect to PnP using Client ID and Client Secret
$SiteURL = ""
Connect-PnPOnline -ClientId "4562ff5a-568c-45a1-a4da-18d64c359ec2" -ClientSecret "h9+rJfADo72e3w6uW5qfgeVRO98vzDc0LrSbGemm=" -Url $SiteURL

#Get All Lists from the site

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

Leave a Reply