This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 88%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
Hello!
In the past, our organization has generated client secrets for SPNs with a secret expiry date of 10 years in the future. With a policy update, this is no longer allowed. Instead of forcing a large number of customers to replace their secrets right now, is there a way to reduce the expiry date of the existing secrets to conform to the new limit?
On a related note, when you generate a new client secret for a Service Principal which already has exsting (non-expired) secrets, are those other secrets in any way invalidated or their validity shortened? There's a rumor that those get set to 7 days grace period regardless of their previous expiry date, but I couldn't find any mention of this in any of the official Azure documentation.
Thank you!
A cloud-based identity and access management service for securing user authentication and resource access
Afaik there is no way to reduce the validity period for existing secrets. But creating new ones will not impact them in any way, they continue to be valid until the expiration day. Not sure where you saw that 7-day grace period, but it's news to me.