Remove-EntraServicePrincipalKeyCredential

Removes a key credential from a service principal.

Syntax

Remove-EntraServicePrincipalKeyCredential
      -ServicePrincipalId <String>
      -KeyId <String>
      [<CommonParameters>]

Description

The Remove-EntraServicePrincipalKeyCredential cmdlet removes a key credential from a service principal in Microsoft Entra ID.

Examples

Example 1: Remove a key credential

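Connect-Entra -Scopes 'Application.ReadWrite.All' # Delegated permission
Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' # Application permission
# Store the object ID of the service principal.
$SPObjectID = (Get-EntraServicePrincipal -SearchString 'Entra Multi-Factor Auth Client').ObjectID
# List the key credentials and copy the KeyId of the one to remove.
Get-EntraServicePrincipalKeyCredential -ServicePrincipalId $SPObjectID
# Remove the selected key credential (replace the quoted placeholder with the copied KeyId).
Remove-EntraServicePrincipalKeyCredential -ServicePrincipalId $SPObjectID -KeyId '<PASTE_KEYID_VALUE>'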

This example demonstrates how to remove a key credential from a service principal in Microsoft Entra ID.

  • The first command stores the ObjectID of your service principal in the $SPObjectID variable.
  • The second command gets all the key credentials for the service principal. Copy the preferred KeyID associated with the certificate to be removed and paste it in place of <PASTE_KEYID_VALUE> in the third command.
  • The last command removes the certificate (key credential) from the service principal configuration.
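The same lookup, list and remove sequence can be scripted so that only key credentials past their end date are removed, with a dry run before anything is deleted. The following is an added example, not part of the original cmdlet documentation. The function name Remove-ExpiredSpKeyCredential is hypothetical, and the credential objects are assumed to expose KeyId and a UTC EndDateTime property.

```powershell
# Added example (not from the cmdlet documentation).
# Assumptions: the function name is hypothetical; the objects returned by
# Get-EntraServicePrincipalKeyCredential are assumed to expose KeyId and a
# UTC EndDateTime property.
function Remove-ExpiredSpKeyCredential {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [datetime] $AsOf = [datetime]::UtcNow
    )

    # -SearchString can return several matches; require exactly one exact name.
    $sp = @(Get-EntraServicePrincipal -SearchString $DisplayName |
            Where-Object { $_.DisplayName -eq $DisplayName })
    if ($sp.Count -ne 1) {
        throw "Expected one service principal named '$DisplayName', found $($sp.Count)."
    }
    $spId = $sp[0].ObjectId

    # Keep only credentials whose validity period has already ended.
    $expired = @(Get-EntraServicePrincipalKeyCredential -ServicePrincipalId $spId |
                 Where-Object { $_.EndDateTime -and $_.EndDateTime -lt $AsOf })

    foreach ($key in $expired) {
        $removed = $false
        # Honors -WhatIf and -Confirm, so nothing is deleted on a dry run.
        if ($PSCmdlet.ShouldProcess("$DisplayName ($spId)", "Remove key credential $($key.KeyId)")) {
            Remove-EntraServicePrincipalKeyCredential -ServicePrincipalId $spId `
                -KeyId $key.KeyId -ErrorAction Stop
            $removed = $true
        }
        # Emit one record per expired credential for the change log.
        [pscustomobject]@{
            ServicePrincipalId = $spId
            KeyId              = $key.KeyId
            EndDateTime        = $key.EndDateTime
            Removed            = $removed
        }
    }
}

Connect-Entra -Scopes 'Application.ReadWrite.All'
# Dry run: lists the expired credentials without removing anything.
Remove-ExpiredSpKeyCredential -DisplayName 'Entra Multi-Factor Auth Client' -WhatIf
```

Run it again without -WhatIf after reviewing the listed KeyId values; each removal then prompts for confirmation.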

Parameters

-KeyId

Specifies the ID of a key credential.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-ServicePrincipalId

Specifies the ID of a service principal.

Type: System.String
Aliases: ObjectId
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False