Forum Discussion
JosLieben
Mar 26, 2018 | Iron Contributor
Unsupported but very useful way to use the hidden Azure API
Obviously not supported, but for those of us managing many tenants and/or setting up (test/training/pilot) tenants often, you may want to automate certain Azure AD or Intune settings that are not ava...
- Sep 13, 2018
Fantastic information!!! Thank you for sharing!!
I have discovered COUNTLESS uses for this, from obtaining all of the 'Conditional Access' policies that are configured in AzureAD, to obtaining a list of Azure Gallery/Marketplace Apps that are available as 'Enterprise Apps'.
Thanks again!
Evan
AndyBrunner
Aug 03, 2021 | Copper Contributor
Hi everyone
I do have something to add here.
Until recently, I was retrieving new access tokens by providing the API URI as a resource (https://main.iam.ad.ext.azure.com). For me, this does not work anymore. I get a Bearer token, but it's useless... Now I do have to provide the resource's GUID to get a valid Bearer token.
I do work with the https://www.powershellgallery.com/packages/Az.Accounts module, and I know two ways to get a token:
```powershell
# Resource GUID passed instead of the API URI
$resource = '74658136-14ec-4630-ad9b-26e160ff0fc6';
# v1: Get-AzAccessToken cmdlet from Az.Accounts
$token1 = (Get-AzAccessToken -ResourceUrl $resource -TenantId (Get-AzContext).Tenant.Id.ToString()).Token
# v2: authentication factory of the current Az session
$currentAzureContext = Get-AzContext
$token2 = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($currentAzureContext.Account, $currentAzureContext.Environment, $currentAzureContext.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, $resource).AccessToken
```
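Added example, not part of the posts above: one way to check locally which audience (`aud` claim) and expiry a bearer token carries before using it, so a token issued for a different resource is caught early. The function names are hypothetical and the sample token is constructed; a real token such as `$token1` above can be passed the same way, assuming it is a plain string.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Decoding only reads the claims; it does NOT verify the token's signature.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # base64url -> base64: restore the alphabet and the stripped padding
    $b64 = $Value.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (header.payload.signature)' }
    ConvertFrom-Base64Url -Value $parts[1] | ConvertFrom-Json
}

function Test-TokenAudience {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedAudience
    )
    $claims  = Get-JwtClaims -Token $Token
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience        = $claims.aud
        AudienceMatches = ($claims.aud -eq $ExpectedAudience)  # string -eq is case-insensitive
        ExpiresUtc      = $expires.UtcDateTime
        Expired         = ($expires -lt [DateTimeOffset]::UtcNow)
    }
}

# Constructed sample token (unsigned, values made up for this example)
$resource = '74658136-14ec-4630-ad9b-26e160ff0fc6'
$enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
$sample = @(
    (& $enc '{"alg":"none","typ":"JWT"}'),
    (& $enc ('{"aud":"' + $resource + '","exp":4102444800}')),
    'constructed-signature'
) -join '.'
Test-TokenAudience -Token $sample -ExpectedAudience $resource
```

Because the decoding happens entirely in the local session, the token never has to be pasted into a third-party decoder.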