Hello Kamal Mikhail,
This error is expected when a policy in your tenant is blocking the creation of client secrets. It’s not related to the app registration itself, but to an application policy applied at the tenant level.
You can check and update this in the Microsoft Entra admin center:
- Go to Entra ID → Enterprise applications → Application policies
- Under Password restrictions, look for Block password addition
- If this is enabled, it prevents creating new client secrets
- You can disable or adjust this setting based on your requirement
If the setting is enabled, that’s what triggers the error:
“Client secrets are blocked by a tenant-wide policy”
Also, if you don’t see it clearly in the portal or want to confirm, you can check the tenant policy using Microsoft Graph:
GET https://graph.microsoft.com/v1.0/policies/defaultAppManagementPolicy
If the policy is enabled with a restriction like passwordAddition, client secrets are blocked tenant-wide.
This behavior is common in secured tenants (including some non-profit subscriptions), as Microsoft recommends avoiding client secrets due to security risks. If possible, consider using certificates or managed identities instead.
Hope this helps! Feel free to reach out for further queries.
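An added example, not part of the answer above and not Microsoft's code: a Python check over the JSON body returned by the Graph request in the answer, reporting whether the tenant default policy blocks adding a client secret to an app with a given creation date. The sample response is constructed, the function name is hypothetical, and treating a missing `state` field as enabled is an assumption; it reads only the tenant default policy, not any policy assigned to an individual app.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a defaultAppManagementPolicy response (not real tenant data).
SAMPLE_POLICY = json.loads("""
{
  "displayName": "Default app management tenant policy",
  "isEnabled": true,
  "applicationRestrictions": {
    "passwordCredentials": [
      {"restrictionType": "passwordLifetime", "state": "disabled",
       "maxLifetime": "P90D",
       "restrictForAppsCreatedAfterDateTime": "2024-01-01T00:00:00Z"},
      {"restrictionType": "passwordAddition", "state": "enabled",
       "maxLifetime": null,
       "restrictForAppsCreatedAfterDateTime": "2024-01-01T00:00:00Z"}
    ],
    "keyCredentials": []
  }
}
""")


def _parse_ts(value):
    # Graph timestamps end in "Z"; normalise for older datetime.fromisoformat.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def secret_creation_blocked(policy, app_created):
    """Return (blocked, reason) for adding a client secret to an application
    created at app_created (timezone-aware datetime)."""
    if not policy.get("isEnabled"):
        return False, "policy is disabled"
    app_rules = policy.get("applicationRestrictions") or {}
    for rule in app_rules.get("passwordCredentials") or []:
        if rule.get("restrictionType") != "passwordAddition":
            continue
        # Assumption: a rule without a "state" field is treated as enforced.
        if rule.get("state", "enabled") != "enabled":
            return False, "passwordAddition is listed but not enabled"
        cutoff = rule.get("restrictForAppsCreatedAfterDateTime")
        if cutoff and app_created < _parse_ts(cutoff):
            return False, "app was created before the restriction date"
        return True, "passwordAddition is enforced"
    return False, "no passwordAddition restriction"


if __name__ == "__main__":
    created = datetime(2025, 3, 1, tzinfo=timezone.utc)  # constructed app creation date
    print(secret_creation_blocked(SAMPLE_POLICY, created))
```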