Forum Discussion
Lorenz33
Mar 16, 2023Copper Contributor
Need assistance with automating MS Authentication in a PowerShell script
I am working on a Powershell script that reads from the Power BI Activity log to retrieve audit information on Power BI usage. I plan on running this script in Windows Task Scheduler daily to output ...
AndySvints
Mar 18, 2023Steel Contributor
Hello Lorenz33,
In addition to suggestions mentioned by Alex_Rechs, you can also look into 2 extra options:
(1) using ServicePrinciple with ClientSecret
Prerequisites: Register App in AAD and create ClientSecret.
Code to authenticate will be something like this:
$TenantId="[TenantId]"
$ClientId="[YourRegisteredAADAppClientId]"
$ClientSecret="[YourRegisteredAADAppClientSecret]"
$PWord = ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ClientId, $PWord
Connect-PowerBIServiceAccount -Tenant $TenantId -ServicePrincipal -Credential $Credential
(2) using ServicePrinciple with Certificate
Prerequisites: Register App in AAD and upload certificate (self signed will suffice).
Authentication code will looks like this:
$AppId= "[YourRegisteredAADAppClientId]"
$Cert="[Thumbprint]"
Connect-PowerBIServiceAccount -ServicePrincipal -CertificateThumbprint $Cert -ApplicationId $AppId
References:
- Connect-PowerBIServiceAccount
- Create an Azure Active Directory application and service principal that can access resources
Hope that helps.
Lorenz33
Mar 22, 2023Copper Contributor
Thanks Alex and Andy. That definitely helps. I have tested it and it works. One more quick question: it is not a good practice to keep the password in the file like that where it can be exposed to whoever is on the server. Is there any way it can be encrypted? Possibly stored in secure encrypted format in another file which can be retrieved and then unencrypted?
- AndySvintsMar 22, 2023Steel Contributor
Hello Lorenz33,
You can look into Microsoft.PowerShell.SecretManagement ( provides a convenient way for a user to store and retrieve secrets), which supports multiple secret vault types. For starters, you can use Microsoft.PowerShell.SecretStore ( Local secure store extension vault).
Hope that helps.