Forum Discussion
Connect to Azure AD from Powershell without prompt - what are my options?
https://docs.microsoft.com/en-us/powershell/azure/authenticate-azureps?view=azps-7.1.0
- Patrick Rote, Jan 19, 2022, Iron Contributor
Thanks hspinto for your response.
I have a dedicated account whose password doesn't expire and that has no MFA. Will this work?
What is Managed Identity and how can I achieve this?
- hspinto, Jan 19, 2022, Microsoft
A user principal with a never expiring password and no MFA is the worst you can do for the security of your solution. Use, at least, a service principal - they're meant for non-attended automation.
The AzureAD module you are trying to use (Connect-AzureAD) is being deprecated and is replaced by the MS Graph SDK I mentioned above. If you want to log into Azure AD with a service principal and MS Graph, you can simply use this:
Connect-MgGraph -TenantId "your tenant id" -AppId "service principal app id" -CertificateThumbprint "cert thumbprint"
Of course, you must grant the service principal the required roles/permissions in your Azure AD tenant.
If the execution context of your automation allows for it, i.e., it runs from Azure Automation or from an Azure/Arc machine, you can leverage Managed Identities, which are a special type of service principal for which Azure manages the credentials for you. You don't need to use certificates nor passwords. More details here: Managed identities for Azure resources | Microsoft Docs
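Added example, not part of the original thread: an unattended sign-in script covering both options from the reply above. It checks the service principal's certificate before connecting with it, or uses a managed identity. The parameter names, placeholder values and the 30-day expiry warning are assumptions, and `-Identity` needs Microsoft Graph PowerShell SDK v2 or later.

```powershell
# Added example: non-interactive Microsoft Graph sign-in for automation.
# Parameter names and placeholder values are assumptions, not from the thread.
param(
    [string]$TenantId   = '<your tenant id>',
    [string]$AppId      = '<service principal app id>',
    [string]$Thumbprint = '<cert thumbprint>',
    [switch]$UseManagedIdentity   # set when running in Azure Automation or on an Azure/Arc machine
)

$ErrorActionPreference = 'Stop'
Import-Module Microsoft.Graph.Authentication

if ($UseManagedIdentity) {
    # Azure manages the credential, so nothing secret is stored with the script.
    # -Identity requires Microsoft Graph PowerShell SDK v2 or later.
    Connect-MgGraph -Identity
}
else {
    # Find the certificate in the user store first, then the machine store.
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My, Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1

    # Fail early with a clear message instead of an opaque token error.
    if (-not $cert) {
        throw "Certificate $Thumbprint was not found in CurrentUser\My or LocalMachine\My."
    }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key on this machine."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $Thumbprint expired on $($cert.NotAfter)."
    }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        # 30 days is an arbitrary rotation window chosen for this example.
        Write-Warning "Certificate $Thumbprint expires on $($cert.NotAfter); rotate it soon."
    }

    Connect-MgGraph -TenantId $TenantId -ClientId $AppId -Certificate $cert
}

# Refuse to continue on a leftover delegated (user) session.
$ctx = Get-MgContext
if (-not $ctx -or $ctx.AuthType -eq 'Delegated') {
    Disconnect-MgGraph -ErrorAction SilentlyContinue | Out-Null
    throw 'Expected an app-only Microsoft Graph session.'
}
Write-Output "Connected to tenant $($ctx.TenantId) as app $($ctx.ClientId) ($($ctx.AuthType))."
```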