Jan 14 2018
- last edited on
Jul 24 2020
is it posible to use by Connect-AzureAD the credentials from the Login user?
Without open the window to fill in username and Password.
Jan 17 2018 07:53 AM
Not possible afaik. You should be able to skip some steps in federated scenarios or when using PTA. Or you can simply use the -Credentials parameter and pass the username/password - there are many examples available online how you can securely store/reuse creds.
May 04 2018 11:04 PM
Yes, it is possible to use the cmdlet Connect-AzureAD with stored credentials.
Note that this is only possible with accounts not protected with MFA.
My script which is available on TechNet Gallery utilises this -
It connects to all Azure and Office 365 services, including - Exchange Online - Azure AD v1.0 - Azure AD v2.0 - SharePoint Online - Skype for Business Online - Exchange Online Protection - Security and Compliance Center - Azure Resource Manager - Azure Rights Manager
May 05 2018 09:20 AM
I believe what the OP meant was to automatically sign in with the current user credentials, not use any stored credentials. But I might be wrong :)
May 05 2018 10:04 AM - edited May 05 2018 10:05 AM
No, credentials are required in either the Connect-AzureAD command or via the login window. This is the intended behavior for security reasons.
May 08 2018 05:09 AM - edited May 08 2018 05:10 AM
Thank you for clarifying that the feature is unavailable. I have to point out however that your comment "This is intended behaviour for security reasons" is unlikely to be accurate. In an Azure AD environment, the user logged in to the Windows 10 device is signed in across a range of Microsoft applications and services. For example Outlook, SharePoint Online etc. Further, in an on-premises AD environment any commands run from a Powershell Window will execute as the currently signed in user (the behaviour that we would like to be able to replicate when using powershell to control Azure AD). Therefore, Microsoft have clearly accepted that the user does not need to re-authenticate once they have logged in to a device.
The problem with being unable to run Connect-AzureAD as the current logged on user is that an admin cannot run a login or scheduled powershell script that, for example, checks that the current user is a member of a group in Azure AD and then apply settings accordingly. If anyone has a work around for this that does not include storing credentials in a Powershell script I would be very interested.
May 09 2018 04:42 AM
Thank you for your answers.
I like to run scheduled Powershell scripts to do to administrative tasks on the azure AD. But I don’t want to write the credentials into the script.
Maybe I must look at azure function in combination with azure key valut.