New-EntraApplicationPasswordCredential

Module:

Microsoft.Graph.Entra

Creates a password credential for an application.

Syntax

New-EntraApplicationPasswordCredential
    -ObjectId <String>
    [-CustomKeyIdentifier <String>]
   [-StartDate <DateTime>]
    [-EndDate <DateTime>] 
   [<CommonParameters>]

Description

The New-EntraApplicationPasswordCredential cmdlet creates a password credential for an application in Microsoft Entra ID.

Examples

Example 1: Create a password credential

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "displayName eq '<displayName>'"
New-EntraApplicationPasswordCredential -ObjectId $application.Id

CustomKeyIdentifier DisplayName EndDateTime          Hint KeyId                                SecretText                    StartDateTime
------------------- ----------- -----------          ---- -----                                ----------                    -------------
                                3/21/2026 9:48:40 AM n34  tttttttt-0000-2222-0000-aaaaaaaaaaaa wbBNW8kCuiPjNRg9NX98W_aaaaaaa 3/21/2024 9:48:40 AM

This command creates new password credential for specified application.

• -ObjectId Specifies the ID of a user.

Example 2: Create a password credential using CustomKeyIdentifier parameter

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "displayName eq '<displayName>'"
$params = @{
    ObjectId = $application.Id
    CustomKeyIdentifier = '<userfriendlyDisplayName>'
}

New-EntraApplicationPasswordCredential @params

CustomKeyIdentifier DisplayName EndDateTime          Hint KeyId                                SecretText                               StartDateTime
------------------- ----------- -----------          ---- -----                                ----------                               -------------
100 101 109 111     demo        8/2/2026 11:47:53 AM 8Mw  tttttttt-0000-2222-0000-aaaaaaaaaaaa wbBNW8kCuiPjNRg9NX98W_aaaaaaa 8/2/2024 11:47:53 AM

This command creates new password credential for specified application.

• -ObjectId Specifies the ID of a user.
• -CustomKeyIdentifier Speicifies unique binary identifier.

Example 3: Create a password credential using StartDate parameter

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "displayName eq '<displayName>'"
$params = @{
    ObjectId = $application.Id
    StartDate = (Get-Date).AddYears(0)
    CustomKeyIdentifier = '<userfriendlyDisplayName>'
}

New-EntraApplicationPasswordCredential @params

CustomKeyIdentifier DisplayName EndDateTime          Hint KeyId                                SecretText                    StartDateTime
------------------- ----------- -----------          ---- -----                                ----------                    -------------
                                3/21/2026 9:48:40 AM n34  tttttttt-0000-2222-0000-aaaaaaaaaaaa wbBNW8kCuiPjNRg9NX98W_aaaaaaa 3/21/2024 9:48:40 AM

This command creates new password credential for specified application.

• -ObjectId Specifies the ID of a user.
• -StartDate Speicifies the date and time at which the password becomes valid.

Example 4: Create a password credential using EndDate parameter

Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy'
$application = Get-EntraApplication -Filter "displayName eq '<displayName>'"
$params = @{
    ObjectId = $application.Id
    EndDate = (Get-Date).AddYears(2)
    CustomKeyIdentifier = '<userfriendlyDisplayName>'
}

New-EntraApplicationPasswordCredential @params

CustomKeyIdentifier DisplayName EndDateTime          Hint KeyId                                SecretText                    StartDateTime
------------------- ----------- -----------          ---- -----                                ----------                    -------------
                                3/21/2026 9:48:40 AM n34  tttttttt-0000-2222-0000-aaaaaaaaaaaa wbBNW8kCuiPjNRg9NX98W_aaaaaaa 3/21/2024 9:48:40 AM

This command creates new password credential for specified application.

• -ObjectId Specifies the ID of a user.
• -EndDate Speicifies The date and time at which the password expires.

Parameters

-CustomKeyIdentifier

A unique binary identifier.

Type:	System.String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-EndDate

The date and time at which the password expires.

Type:	System.DateTime
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	True
Accept wildcard characters:	False

-ObjectId

Specifies the ID of an application in Microsoft Entra ID.

Type:	System.String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-StartDate

The date and time at which the password becomes valid.

Type:	System.DateTime
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	True
Accept wildcard characters:	False

Related Links

• Get-EntraApplicationPasswordCredential
• Remove-EntraApplicationPasswordCredential