Future plans of Microsoft with the maximum expiration of a client secret of an Azure AD app registration

Creemers, Bert 26 Reputation points
2021-06-04T12:51:32.98+00:00

Hello,

Please can you inform me what the future plans are concerning the maximum client secret expiration?
I will elaborate on my question a bit more. I have noticed that when we create an app registration through the Azure Portal, the maximum expiration date of the client secret is limited to a maximum of 2 years.
We can bypass this limitation by updating the end expiration date of the client secret through a PowerShell command.
Also, when creating an app registration through the Microsoft.Graph library in C#, we can bypass this limitation.

Now my question is whether there are plans in the near future to also prevent the two possibilities (PowerShell and Microsoft.Graph SDK) mentioned above, so that we can set this expiration end date further than 2 years in the future?
Or is it just an Azure Portal UI limitation?

Thanks and kind regards


Accepted answer
  1. JamesTran-MSFT 36,481 Reputation points Microsoft Employee
    2021-06-08T17:04:44.5+00:00

    @Creemers, Bert
    Thank you for the quick follow up on this and for sharing what our support team provided. I received a response from our engineering team and will post it below.

    Update:
    There are plans to limit lifetimes of the secret administratively. However, there are no current timelines or ETAs of when this will happen. Removing the UX option to have never expiring secrets is a first step of that process (you can still create secrets that never expire with PowerShell, AZ CLI and Graph API).

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.
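
Because secrets with longer lifetimes can still be created outside the portal, as the answer above notes, a tenant audit is the practical control until an administrative limit exists. The following is an added example, not part of the original thread and not Microsoft's code: it flags unexpired client secrets whose lifetime exceeds two years, run over a constructed sample shaped like a Microsoft Graph `GET /applications` response. The app names, IDs, the 731-day threshold and the assumption that timestamps are UTC with a `Z` suffix are all illustrative.

```python
import json
from datetime import datetime, timedelta, timezone

# Audit threshold (assumption): 24 months, which can span a leap day.
MAX_LIFETIME = timedelta(days=731)

# Constructed sample shaped like a Microsoft Graph GET /applications response.
SAMPLE = json.loads("""
{"value": [
 {"appId": "00000000-0000-0000-0000-000000000001", "displayName": "portal-created-app",
  "passwordCredentials": [
   {"keyId": "aaaaaaaa-0000-0000-0000-000000000001",
    "startDateTime": "2021-06-01T00:00:00Z", "endDateTime": "2023-06-01T00:00:00Z"}]},
 {"appId": "00000000-0000-0000-0000-000000000002", "displayName": "script-created-app",
  "passwordCredentials": [
   {"keyId": "bbbbbbbb-0000-0000-0000-000000000001",
    "startDateTime": "2021-06-01T00:00:00.1234567Z", "endDateTime": "2299-12-31T00:00:00Z"},
   {"keyId": "bbbbbbbb-0000-0000-0000-000000000002",
    "startDateTime": "2010-01-01T00:00:00Z", "endDateTime": "2020-01-01T00:00:00Z"}]}
]}
""")

def parse_ts(value):
    """Parse a UTC ISO 8601 timestamp; fractions longer than 6 digits are truncated."""
    head, _, frac = value.rstrip("Z").partition(".")
    ts = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S")
    micro = int(frac[:6].ljust(6, "0")) if frac else 0
    return ts.replace(microsecond=micro, tzinfo=timezone.utc)

def audit(apps, now, max_lifetime=MAX_LIFETIME):
    """Return (displayName, keyId, lifetime_days) for unexpired long-lived secrets."""
    findings = []
    for app in apps:
        for cred in app.get("passwordCredentials") or []:
            end = cred.get("endDateTime")
            if end is None:                      # no end date recorded: treat as non-expiring
                findings.append((app.get("displayName"), cred.get("keyId"), None))
                continue
            end_ts = parse_ts(end)
            if end_ts <= now:                    # already expired, no longer usable
                continue
            start = cred.get("startDateTime")
            lifetime = end_ts - (parse_ts(start) if start else now)
            if lifetime > max_lifetime:
                findings.append((app.get("displayName"), cred.get("keyId"), lifetime.days))
    return findings

if __name__ == "__main__":
    now = datetime(2021, 6, 8, tzinfo=timezone.utc)
    for name, key_id, days in audit(SAMPLE["value"], now):
        print(f"{name}: secret {key_id} lifetime {days} days exceeds {MAX_LIFETIME.days}")
```

To run it against a real tenant, replace `SAMPLE["value"]` with the `value` array from an exported applications listing; paging through `@odata.nextLink` is not handled here.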
