@Steve l ,
Under your App Registration > Certificates and Secrets > New client secret/Add a client secret , you need to set "Expires" to 24 months.
You can also use Powershell to set the secret expiration:
startDate = Get-Date
$endDate = $startDate.AddYears(2)
$aadAppsecret01 = New-AzureADApplicationPasswordCredential -ObjectId xxxxx -StartDate $startDate -EndDate $endDate
The scanner should pull from the client secret settings.
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions . Otherwise let me know if you still face this issue or have further questions.