Skip to content

Updating a Secret for an Application in Microsoft Entra ID

Prerequisites

  • Access to Microsoft Entra admin center (or Azure Portal)
  • Application Administrator, Cloud Application Administrator, application ownership, or Global Administrator role
  • Knowledge of the Application (client) ID or name of the application whose secret is being updated

Procedure

1. Sign in to Entra ID

  1. Open https://entra.microsoft.com.
  2. Sign in with an account that has the appropriate permissions.

2. Find the Application

  1. In the left menu, select App registrations.
  2. Switch to the All applications tab.
  3. Search for the application by name or Application (client) ID and open it.

3. Create a New Client Secret

  1. In the application menu, select Certificates & secrets.
  2. On the Client secrets tab, click + New client secret.
  3. Fill in:
  4. Description – a descriptive name (e.g. secret-2026-05)
  5. Expires – expiration period (recommended max. 12–24 months, per internal policy)
  6. Click Add.
  7. Copy the value from the Value field immediately – it cannot be displayed again after leaving the page. The displayed Secret ID is not the value used for authentication.

⚠️ Important: Store the secret value securely.

4. Update the Secret in the Application or Service

  1. In the target application, service, or configuration, replace the old secret value with the new one.
  2. Restart the service if necessary.
  3. Verify that authentication works correctly (e.g. by a test API call or login).

5. Remove the Old Secret

  1. After confirming the new value works, return to Certificates & secrets.
  2. Click the trash icon next to the old secret and confirm deletion.

Recommendations

  • Keep a record of secrets and their expiration dates (e.g. in Key Vault with tags or in internal documentation).
  • Set a reminder at least 30 days before expiration.

Responsibility for Expiration

Notice: Monitoring the validity and timely renewal of client secrets is the sole responsibility of the application owner (administrator) or the customer. We accept no liability for outages, loss of functionality, or any damages caused by the expiration of a secret in Microsoft Entra ID. We recommend establishing internal processes for regular review and renewal of secrets before they expire.