How to renew a Client Secret in SharePoint Online using PowerShell?

Requirement: Renew a client secret in SharePoint Online.

How to Extend the Validity of a Client Secret in SharePoint Online?

Any Client ID (or App ID) and client secret registered through SharePoint Online’s /_layouts/15/AppRegNew.aspx is valid for 1 year, and there is no way to renew the client secret from the web user interface (as of today!). Once the client secret expires, you may start to see 401 Unauthorized errors, and applications/add-ins that use the expired client secret will stop working!


PowerShell to renew client secret SharePoint Online

Assuming you have the AzureAD PowerShell module installed, here is the PowerShell script to extend the validity of a given app’s client secret by 10 years. A few notes:

  • Log in as a Tenant Administrator when prompted.
  • Make sure you set $AppName according to your requirement.
  • Set the $EndDate variable to the date when the client secret should expire.

$AppName = "File Server Sync Utility"

#Connect to AzureAD
Connect-AzureAD -Credential (Get-Credential)

#Get the Client ID
$App = Get-AzureADServicePrincipal -All $true |  Where-Object {$_.DisplayName -eq $AppName} # Or {$_.AppID -eq '4562ff5a-568c-45a1-a4da-18d64c359ec2'}

#Get the Current Expiry Date
$CurrentExpiryDate = (Get-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId).EndDate
Write-host "Current Expiry Date:"$CurrentExpiryDate

#Extend the validity of the App by 10 years
$StartDate = Get-Date
$EndDate = $StartDate.AddYears(10)
New-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId -StartDate $StartDate -EndDate $EndDate

The above PowerShell extends the validity of the existing client secret! In other words, the same client secret will be generated with a new expiration date. What if you want to replace the current client secret (or password) with a new one? Pass the new value with the -Value parameter:

New-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId -StartDate $StartDate -EndDate $EndDate -Value "MyNewClientSecretGoesHere"

Now, you can validate the Client ID and Client Secret by connecting to SharePoint Online:

#Connect to PnP using Client ID and Client Secret
$SiteURL = "" #Set this to the URL of your site
Connect-PnPOnline -ClientId "4562ff5a-568c-45a1-a4da-18d64c359ec2" -ClientSecret "h9+rJfADo72e3w6uW5qfgeVRO98vzDc0LrSbGemm=" -Url $SiteURL

#Get All Lists from the site
Get-PnPList
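To catch a secret before it expires and add-ins start failing with 401 errors, the expiry lookup used in the script can be turned into a status report. The following is an added example, not code from the original post: the function name Get-SecretExpiryStatus, the 30-day warning window, the 730-day lifetime ceiling and the sample credentials are all assumptions made for illustration.

```powershell
# Added example (not from the original post). Classifies credential objects that
# expose KeyId, StartDate and EndDate, the shape returned by
# Get-AzureADServicePrincipalPasswordCredential.
function Get-SecretExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Credential,
        [int] $WarnDays = 30,            # assumed warning window
        [int] $MaxLifetimeDays = 730,    # assumed policy ceiling on secret lifetime
        [datetime] $Now = (Get-Date)
    )
    process {
        $daysLeft = [int][math]::Floor(($Credential.EndDate - $Now).TotalDays)
        $lifetime = [int][math]::Floor(($Credential.EndDate - $Credential.StartDate).TotalDays)
        $status = if ($daysLeft -lt 0) {
            'Expired'          # apps still using this secret get 401 errors
        } elseif ($daysLeft -le $WarnDays) {
            'ExpiringSoon'     # renew or replace before the end date
        } elseif ($lifetime -gt $MaxLifetimeDays) {
            'LongLived'        # e.g. a 10-year extension; schedule a rotation
        } else {
            'OK'
        }
        [pscustomobject]@{
            KeyId        = $Credential.KeyId
            EndDate      = $Credential.EndDate
            DaysLeft     = $daysLeft
            LifetimeDays = $lifetime
            Status       = $status
        }
    }
}

# Constructed sample input so the function runs without a tenant connection.
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ KeyId = 'sample-key-1'; StartDate = [datetime]'2023-05-20'; EndDate = [datetime]'2024-05-20' }
    [pscustomobject]@{ KeyId = 'sample-key-2'; StartDate = [datetime]'2023-06-15'; EndDate = [datetime]'2024-06-15' }
    [pscustomobject]@{ KeyId = 'sample-key-3'; StartDate = [datetime]'2024-06-01'; EndDate = [datetime]'2034-06-01' }
    [pscustomobject]@{ KeyId = 'sample-key-4'; StartDate = [datetime]'2024-03-01'; EndDate = [datetime]'2025-03-01' }
)
$sample | Get-SecretExpiryStatus -Now $now | Format-Table -AutoSize

# Against a tenant, after Connect-AzureAD, pipe the real credentials instead:
# Get-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId | Get-SecretExpiryStatus
```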

Salaudeen Rajack


One thought on “How to renew a Client Secret in SharePoint Online using PowerShell?”

  • Can you run a report on each site to know which service principals in Azure map to credentials granting access to SPO sites?

