Remove-EntraApplicationKey
Removes a key from an application.
Syntax
Remove-EntraApplicationKey
-ApplicationId <String>
[-Proof <String>]
[-KeyId <String>]
[<CommonParameters>] Description
Removes a key from an application.
Examples
Example 1: Remove a key credential from an application
Connect-Entra -Scopes 'Application.ReadWrite.All','Directory.ReadWrite.All'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
Remove-EntraApplicationKey -ApplicationId $application.Id -KeyId 'aaaaaaaa-0b0b-1c1c-2d2d-333333333333' -Proof '{token}'This command removes the specified key credential from the specified application.
-ApplicationIdparameter specifies the unique identifier of an application.-KeyIdparameter specifies the key Id corresponding to the key object to be removed.-Proofparameter specifies the JWT token provided as a proof of possession.
Parameters
-ApplicationId
Specifies the unique ID of an application in Microsoft Entra ID.
| Type: | System.String |
| Aliases: | ObjectId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-KeyId
The key Id corresponding to the key object to be removed.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Proof
The JWT token provided as a proof of possession.
A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed with a private key that corresponds to one of the existing valid certificates associated with the application. The token should contain the following claims:
aud: Audience needs to be 00000002-0000-0000-c000-000000000000.iss: Issuer needs to be the ID of the application that initiates the request.nbf: Not before time.exp: Expiration time should be the value of nbf + 10 minutes.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
String