The Azure portal web GUI and the Azure CLI both surface ways to create Entra application registration secrets. The thing is, they only allow you to request a password be generated, you can’t set your own password.

Why would you want to set your own password? Well, most of the time you wouldn’t care, but what if you have an existing password in production that is expiring, and for reasons outside of your control, you’re not able to update the client to use a new password?

Obviously this is a huge stability and security liability, but what if you need to kick this can down the road just a little further?

Enter the Azure Active Directory Powershell 2.0 Module

PS C:\>New-AzureADApplicationPasswordCredential -ObjectId '6e6a6561-e96d-453b-9641-743b499736cc' -Value 'Zihjfg-dsgs_d34_54"73fE"d!f~dg'
 
CustomKeyIdentifier :
EndDate             : 16-12-2023 06:00:44
KeyId               :
StartDate           : 16-12-2022 06:00:44
Value               : Zihjfg-dsgs_d34_54"73fE"d!f~dg

If you ended up here, you might have seen these stack overflow posts that suggest the Azure CLI supports this here and here. I saw these too, and perhaps this worked at one point, but it didn’t work for me with AzureCLI version 2.38.

Also of note, the Microsoft docs for the Graph API specifically call out that an endpoint that sets the password credential as unsupported.

I suspect this work-around with the powershell module will be short-lived, but hopefully this can help someone else in a tight spot until Microsoft removes support all together.