**Related command** `az ad sp create-for-rbac` **Is your feature request related to a problem? Please describe.** Currently, only integer `--years` is supported which is too rough: ``` > az ad sp create-for-rbac -h ... Credential Arguments --years : Number of years for which the credentials will be valid. Default: 1 year. ``` The minimum expiry time is 1 year which is against the security best practice of setting expiry time as short as possible. > [!CAUTION] > **If there is a policy in the tenant that forbids expiry time >= 1 year, `az ad sp create-for-rbac` will fail.** **Describe the solution you'd like** 1. Support `--end-date` similar to that from `az ad app credential reset` and `az ad app create`. 2. Support `--days` like Azure Portal:  **Describe alternatives you've considered** Drop `--year` as it encourages imprecise expiry time and it also causes ambiguity in leap years (https://github.com/Azure/azure-cli/issues/28520).
Related command
az ad sp create-for-rbacIs your feature request related to a problem? Please describe.
Currently, only integer
--yearsis supported which is too rough:The minimum expiry time is 1 year which is against the security best practice of setting expiry time as short as possible.
Caution
If there is a policy in the tenant that forbids expiry time >= 1 year,
az ad sp create-for-rbacwill fail.Describe the solution you'd like
--end-datesimilar to that fromaz ad app credential resetandaz ad app create.--dayslike Azure Portal:Describe alternatives you've considered
Drop
--yearas it encourages imprecise expiry time and it also causes ambiguity in leap years (#28520).