Remove-EntraApplicationKey
Removes a key from an application.
Syntax
Default (Default)
Remove-EntraApplicationKey
-ApplicationId <String>
[-Proof <String>]
[-KeyId <String>]
[<CommonParameters>]
Description
Removes a key from an application.
Examples
Example 1: Remove a key credential from an application
Connect-Entra -Scopes 'Application.ReadWrite.All','Directory.ReadWrite.All'
$application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'"
Remove-EntraApplicationKey -ApplicationId $application.Id -KeyId 'aaaaaaaa-0b0b-1c1c-2d2d-333333333333' -Proof '{token}'
This command removes the specified key credential from the specified application.
-ApplicationIdparameter specifies the unique identifier of an application.-KeyIdparameter specifies the key Id corresponding to the key object to be removed.-Proofparameter specifies the JWT token provided as a proof of possession.
Parameters
-ApplicationId
Specifies the unique ID of an application in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-KeyId
The key Id corresponding to the key object to be removed.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Proof
The JWT token provided as a proof of possession.
A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed with a private key that corresponds to one of the existing valid certificates associated with the application. The token should contain the following claims:
aud: Audience needs to be 00000002-0000-0000-c000-000000000000.iss: Issuer needs to be the ID of the application that initiates the request.nbf: Not before time.exp: Expiration time should be the value of nbf + 10 minutes.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.