Disablement of Symmetric keys for Microsoft Entra first-party applications' Service Principals
Symmetric keys for Microsoft Entra first-party applications’ Service Principals will be disabled to enhance security. Organizations must switch to Asymmetric keys by June 15, 2024, to avoid authentication failures. Preparation involves replacing Symmetric with Asymmetric keys as detailed in the provided link.
Symmetric key authentication relies on a shared key that the client sends in its request to the security token service. If the key is intercepted, it is permanently compromised.
To improve the security posture of Microsoft first-party Applications and better protect customer data, client applications will no longer be able to use Symmetric Keys on Service Principals for First-Party Applications and must move to Asymmetric keys.
When this will happen:
June 15, 2024
How this affects your organization:
After this change is implemented, any client requests that use Symmetric Keys on their Microsoft first-party Application Service Principals will fail.
What you can do to prepare:
Customers currently using Symmetric keys to authenticate Microsoft first-party applications' Service Principals in their tenant will need to replace these with Asymmetric keys, as described in the documentation for Add-MgServicePrincipalKey.
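Before replacing keys, it helps to know which Service Principals in the tenant still hold Symmetric key credentials. The following inventory script is an added example, not part of Microsoft's notice; it assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Applications module) is installed and that the signed-in account can consent to Application.Read.All.

```powershell
# Added example: list service principals that still carry Symmetric key credentials.
# Assumptions: Microsoft.Graph.Applications is installed; Application.Read.All is granted.
Connect-MgGraph -Scopes 'Application.Read.All'

$now = (Get-Date).ToUniversalTime()

$findings = Get-MgServicePrincipal -All `
        -Property 'id,appId,displayName,appOwnerOrganizationId,keyCredentials' |
    ForEach-Object {
        $sp = $_
        foreach ($cred in $sp.KeyCredentials) {
            # Asymmetric (certificate) credentials are not affected by this change.
            if ($cred.Type -ne 'Symmetric') { continue }

            [pscustomobject]@{
                DisplayName            = $sp.DisplayName
                ServicePrincipalId     = $sp.Id
                AppId                  = $sp.AppId
                # Owner tenant of the app registration; used to tell
                # Microsoft-owned applications apart from your own.
                AppOwnerOrganizationId = $sp.AppOwnerOrganizationId
                KeyId                  = $cred.KeyId
                Usage                  = $cred.Usage
                EndDateTime            = $cred.EndDateTime
                # An expired key cannot authenticate, but is still worth cleaning up.
                Expired                = [bool]($cred.EndDateTime -and $cred.EndDateTime -lt $now)
            }
        }
    }

if (-not $findings) {
    Write-Output 'No service principals with Symmetric key credentials were found.'
}
else {
    $findings |
        Sort-Object AppOwnerOrganizationId, DisplayName |
        Format-Table DisplayName, AppId, AppOwnerOrganizationId, KeyId, Usage, EndDateTime, Expired -AutoSize
}
```

Rows whose AppOwnerOrganizationId is not your own tenant ID belong to applications registered in another tenant, which is where Microsoft first-party applications appear. The script only reads credential metadata; Microsoft Graph does not return the key material itself.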
Message ID: MC792991