Forum Discussion

Lorenz33's avatar
Lorenz33
Copper Contributor
Mar 16, 2023

Need assistance with automating MS Authentication in a PowerShell script

I am working on a Powershell script that reads from the Power BI Activity log to retrieve audit information on Power BI usage. I plan on running this script in Windows Task Scheduler daily to output ...
Windows PowerShell
AndySvints's avatar
AndySvints
Iron Contributor
Mar 18, 2023

Hello Lorenz33,

In addition to suggestions mentioned by Alex_Rechs, you can also look into 2 extra options:

(1) using ServicePrinciple with ClientSecret

Prerequisites: Register App in AAD and create ClientSecret.

Code to authenticate will be something like this:

$TenantId="[TenantId]"
$ClientId="[YourRegisteredAADAppClientId]"
$ClientSecret="[YourRegisteredAADAppClientSecret]"

$PWord = ConvertTo-SecureString -String $ClientSecret  -AsPlainText -Force

$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ClientId, $PWord

Connect-PowerBIServiceAccount -Tenant $TenantId -ServicePrincipal -Credential $Credential

 

(2) using ServicePrinciple with Certificate

Prerequisites: Register App in AAD and upload certificate (self signed will suffice).

Authentication code will looks like this:

$AppId= "[YourRegisteredAADAppClientId]"
$Cert="[Thumbprint]"

Connect-PowerBIServiceAccount -ServicePrincipal -CertificateThumbprint $Cert -ApplicationId $AppId

References:

Hope that helps.

 

 

 

Lorenz33's avatar
Lorenz33
Copper Contributor
Mar 22, 2023
Thanks Alex and Andy. That definitely helps. I have tested it and it works. One more quick question: it is not a good practice to keep the password in the file like that where it can be exposed to whoever is on the server. Is there any way it can be encrypted? Possibly stored in secure encrypted format in another file which can be retrieved and then unencrypted?

Resources