Remove-AzureRmADAppCredential

Removes a credential from an application.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

Remove-AzureRmADAppCredential
      -ObjectId <Guid>
      [-KeyId <Guid>]
      [-PassThru]
      [-Force]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-AzureRmADAppCredential
      -ApplicationId <Guid>
      [-KeyId <Guid>]
      [-PassThru]
      [-Force]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-AzureRmADAppCredential
      -DisplayName <String>
      [-PassThru]
      [-Force]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-AzureRmADAppCredential
      [-KeyId <Guid>]
      -ApplicationObject <PSADApplication>
      [-PassThru]
      [-Force]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Remove-AzureRmADAppCredential cmdlet can be used to remove a credential key from an application in the case of a compromise or as part of credential key rollover expiration. The application is identified by supplying either the object ID or AppId. The credential to be removed is identified by its key ID.

Examples

Example 1 - Remove a specific credential from an application

PS C:\> Remove-AzureRmADAppCredential -ObjectId 7663d3fb-6f86-4352-9e6d-cf9d50d5ee82 -KeyId 9044423a-60a3-45ac-9ab1-09534157ebb

Removes the credential with key id '9044423a-60a3-45ac-9ab1-09534157ebb' from the application with object id '7663d3fb-6f86-4352-9e6d-cf9d50d5ee82'.

Example 2 - Remove all credentials from an application

PS C:\> Remove-AzureRmADAppCredential -ApplicationId 4589cd6b-3d79-4bb4-93b8-a0b99f3bfc58

Removes all credentials from the application with application id '4589cd6b-3d79-4bb4-93b8-a0b99f3bfc58'.

Example 3 - Remove all credentials using piping

PS C:\> Get-AzureRmADApplication -ObjectId 7663d3fb-6f86-4352-9e6d-cf9d50d5ee82 | Remove-AzureRmADAppCredential

Gets the application with object id '7663d3fb-6f86-4352-9e6d-cf9d50d5ee82' and pipes that to the Remove-AzureRmADAppCredential cmdlet and removes all credentials from that application.

Parameters

-ApplicationId

The id of the application to remove the credentials from.

Type:Guid
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ApplicationObject

The application object to remove the credentials from.

Type:PSADApplication
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

The display name of the application.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Force

Switch to delete credential without a confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyId

Specifies the credential key to be removed. The key Ids for the application can be obtained using the Get-AzureRmADAppCredential cmdlet.

Type:Guid
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ObjectId

The object id of the application to remove the credentials from.

Type:Guid
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-PassThru

Specifying this will return true if the command was successful.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Guid

String

PSADApplication

Parameters: ApplicationObject (ByValue)

Outputs

Boolean