Remove-AzureRmADAppCredential

Removes a credential from an application.

Syntax

Remove-AzureRmADAppCredential
      -ObjectId <Guid>
      [-KeyId <Guid>]
      [-PassThru]
      [-Force]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-AzureRmADAppCredential
      -ApplicationId <Guid>
      [-KeyId <Guid>]
      [-PassThru]
      [-Force]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-AzureRmADAppCredential
      -DisplayName <String>
      [-PassThru]
      [-Force]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-AzureRmADAppCredential
      [-KeyId <Guid>]
      -ApplicationObject <PSADApplication>
      [-PassThru]
      [-Force]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Remove-AzureRmADAppCredential cmdlet can be used to remove a credential key from an application in the case of a compromise or as part of credential key rollover expiration. The application is identified by supplying either the object ID or AppId. The credential to be removed is identified by its key ID if an individual credential is to be removed or with an 'All' switch to delete all credentials associated with the application.

Examples

Example 1 - Remove a specific credential from an application

PS C:\> Remove-AzureRmADAppCredential -ObjectId 7663d3fb-6f86-4352-9e6d-cf9d50d5ee82 -KeyId 9044423a-60a3-45ac-9ab1-09534157ebb

Removes the credential with key id '9044423a-60a3-45ac-9ab1-09534157ebb' from the application with object id '7663d3fb-6f86-4352-9e6d-cf9d50d5ee82'.

Example 2 - Remove all credentials from an application

PS C:\> Remove-AzureRmADAppCredential -ApplicationId 4589cd6b-3d79-4bb4-93b8-a0b99f3bfc58

Removes all credentials from the application with application id '4589cd6b-3d79-4bb4-93b8-a0b99f3bfc58'.

Example 3 - Remove all credentials using piping

PS C:\> Get-AzureRmADApplication -ObjectId 7663d3fb-6f86-4352-9e6d-cf9d50d5ee82 | Remove-AzureRmADAppCredential

Gets the application with object id '7663d3fb-6f86-4352-9e6d-cf9d50d5ee82' and pipes that to the Remove-AzureRmADAppCredential cmdlet and removes all credentials from that application.

Required Parameters

-ApplicationId

The id of the application to remove the credentials from.

Type:Guid
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-ApplicationObject

The application object to remove the credentials from.

Type:PSADApplication
Position:Named
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False
-DisplayName

The display name of the application.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-ObjectId

The object id of the application to remove the credentials from.

Type:Guid
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Force

Switch to delete credential without a confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyId

Specifies the credential key to be removed. The key Ids for the application can be obtained using the Get-AzureRmADAppCredential cmdlet.

Type:Guid
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-PassThru

Specifying this will return true if the command was successful.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.PSADApplication

This cmdlet accepts a PSADApplication object from the pipeline. You can pipe the output of Get-AzureRmADApplication to this cmdlet to remove the credentials for the provided application.

Outputs

System.Boolean