Improved control of Client Secrets and Certificates (also via PowerShell)
At the moment there is a lack of control via PowerShell for the Client Secrets.
To list them you have to use:
Get-AzureADServicePrincipal and list PasswordCredentials
If there is more than one key, they will be displayed in random order. This means that the active one will not always be presented first.
At the moment there is the possibility to see expired certs/keys under App registrations (Preview), but there is no option of sorting. Also, for apps with more client secrets, the value is not displayed at all.
The whole control over certificates and client secrets via PowerShell is complicated. It should be simplified to help with housekeeping actions like legacy secrets removal. Some clients store more than one certificate. Also, mail notifications about expiring secrets are enabled only for Enterprise Apps. Moreover, there is an issue between the New and Old Experience (where you may see a different number of certificates depending on the experience used for their creation). To help with automation, the cmdlets should be improved and also documented in more detail. This will hopefully make it easier to list secret keys.
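
An added example, not part of the original request and not Microsoft's code: one way to work around the unordered listing by flattening PasswordCredentials and KeyCredentials into rows sorted by expiry, with a status column for housekeeping. The function name Get-CredentialInventory, the -WarnDays threshold and the sample objects are assumptions made for illustration.

```powershell
# Added example: flatten secrets and certificates of service principal
# objects into one list sorted by EndDate, so expired entries stand out.
function Get-CredentialInventory {          # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $ServicePrincipal,
        [int] $WarnDays = 30,               # assumed warning window
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    begin { $rows = @() }
    process {
        $sets = @{ Secret      = $ServicePrincipal.PasswordCredentials
                   Certificate = $ServicePrincipal.KeyCredentials }
        foreach ($kind in $sets.Keys) {
            foreach ($cred in @($sets[$kind])) {
                if ($null -eq $cred) { continue }   # no credentials of this kind
                $limit  = $Now.AddDays($WarnDays)
                $status = if ($cred.EndDate -lt $Now) { 'Expired' } elseif ($cred.EndDate -lt $limit) { 'ExpiringSoon' } else { 'Active' }
                $rows += [pscustomobject]@{
                    DisplayName = $ServicePrincipal.DisplayName
                    AppId       = $ServicePrincipal.AppId
                    Kind        = $kind
                    KeyId       = $cred.KeyId
                    StartDate   = $cred.StartDate
                    EndDate     = $cred.EndDate
                    Status      = $status
                }
            }
        }
    }
    end { $rows | Sort-Object EndDate, DisplayName }
}

# Constructed sample object (not real tenant data) so the function runs offline.
$now = (Get-Date).ToUniversalTime()
$sample = [pscustomobject]@{
    DisplayName = 'constructed-app'; AppId = '00000000-0000-0000-0000-000000000001'
    PasswordCredentials = @(
        [pscustomobject]@{ KeyId = 'constructed-secret-new'; StartDate = $now.AddDays(-10);  EndDate = $now.AddDays(355) }
        [pscustomobject]@{ KeyId = 'constructed-secret-old'; StartDate = $now.AddDays(-400); EndDate = $now.AddDays(-35) }
    )
    KeyCredentials = @(
        [pscustomobject]@{ KeyId = 'constructed-cert'; StartDate = $now.AddDays(-350); EndDate = $now.AddDays(15) }
    )
}
$sample | Get-CredentialInventory | Format-Table -AutoSize

# Against a tenant, after Connect-AzureAD:
# Get-AzureADServicePrincipal -All $true | Get-CredentialInventory
```

Filtering the output on Status -eq 'Expired' gives the candidate list for legacy secret removal; the KeyId column identifies the exact entry to remove.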