Connect to Azure AD from PowerShell without prompt - what are my options?


Hi there,
I want to schedule some scripts in PowerShell and I would need to log in to Azure AD first.
Is it possible to log in to Azure AD without a prompt, as the script needs to be automated/scheduled?
Can I use an app registration with a client ID and client secret with PowerShell?
I also have a dedicated account which doesn't have MFA.

Any resources would be appreciated

Thanks

9 Replies
You can just pass your username/password to Connect-AzAccount.

If you want to automate tasks against Azure AD, you should be leveraging Microsoft Graph instead. There's a PowerShell SDK (https://docs.microsoft.com/en-us/graph/powershell/installation). It supports authenticating with an SPN, but I would recommend using a Managed Identity, if possible.

Thanks Tringler. Can you please give me an example? I'm using Connect-AzureAD.

Thanks hspinto for your response.
I have a dedicated acct that password doesn't expire and no MFA. Will this work?
What is Managed Identity and how can I achieve this?

@Patrick Rote

A user principal with a never expiring password and no MFA is the worst you can do for the security of your solution. Use, at least, a service principal - they're meant for non-attended automation.

The AzureAD module you are trying to use (Connect-AzureAD) is being deprecated and is replaced by the MS Graph SDK I mentioned above. If you want to log into Azure AD with a service principal and MS Graph, you can simply use this:

Connect-MgGraph -TenantId "your tenant id" -AppId "service principal app id" -CertificateThumbprint "cert thumbprint"

Of course, you must grant the service principal the required roles/permissions in your Azure AD tenant.

If the execution context of your automation allows for it, i.e., it runs from Azure Automation or from an Azure/Arc machine, you can leverage Managed Identities, which are a special type of service principal for which Azure manages the credentials for you. You don't need to use certificates or passwords. More details here: Managed identities for Azure resources | Microsoft Docs
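
The following is an added example, not part of the original reply or of Microsoft's documentation. It shows how a scheduled script could wrap the certificate or managed identity sign-in described above: it checks the certificate before use, refuses to continue in a delegated session, and confirms the granted permissions. It assumes Windows, version 2 of the Microsoft.Graph.Authentication module (needed for -Identity), placeholder IDs, and a hypothetical required permission (User.Read.All).

```powershell
# Added example (not from the thread). Replace the placeholders before use.
param(
    [string]$TenantId   = '<tenant-id>',
    [string]$ClientId   = '<service-principal-app-id>',
    [string]$Thumbprint = '<cert-thumbprint>',
    [string[]]$RequiredRoles = @('User.Read.All'),  # hypothetical; list what your script needs
    [switch]$UseManagedIdentity                     # Azure Automation or Azure/Arc machine
)
$ErrorActionPreference = 'Stop'
Import-Module Microsoft.Graph.Authentication

function Get-ValidatedCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Search the user store first, then the machine store (Windows only).
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My, Cert:\LocalMachine\My |
        Where-Object Thumbprint -eq $Thumbprint | Select-Object -First 1
    if (-not $cert)               { throw "Certificate $Thumbprint not found." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning "Certificate expires on $($cert.NotAfter); rotate it."
    }
    $cert
}

if ($UseManagedIdentity) {
    # Azure supplies the credential; nothing is stored with the script.
    Connect-MgGraph -Identity | Out-Null
} else {
    $cert = Get-ValidatedCertificate -Thumbprint $Thumbprint
    Connect-MgGraph -TenantId $TenantId -ClientId $ClientId -Certificate $cert | Out-Null
}

# Fail closed: a scheduled job must never end up in a delegated (user) session.
$ctx = Get-MgContext
if (-not $ctx -or $ctx.AuthType -eq 'Delegated') {
    throw 'Expected an app-only Graph session.'
}
# For app-only sessions, Scopes lists the application permissions in the token.
$missing = $RequiredRoles | Where-Object { $_ -notin $ctx.Scopes }
if ($missing) {
    Disconnect-MgGraph | Out-Null
    throw "Service principal lacks: $($missing -join ', ')"
}
Write-Output "Connected app-only as $($ctx.ClientId) in tenant $($ctx.TenantId)."
```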

Hi @Patrick Rote

# Requires the CredentialManager module (New-StoredCredential / Get-StoredCredential)
# Save User Credentials
# New-StoredCredential -Target MyAccount -Username <Username> -Password <Password>

# User Authentication
$ua = Get-StoredCredential -Target MyAccount
$credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $ua.UserName,$ua.Password

# Login to your Azure Account
Connect-AzAccount -Tenant '<TenantID>' -Credential $credential

Still working until now.

Hspinto is correct, and the luck of Alan2022 will become useless after June 23. If you stick with Connect-AzAccount, your prize is getting to write this twice. Here's an article on upgrading from the AD API to MSGraph: https://learn.microsoft.com/en-us/powershell/microsoftgraph/migration-steps?view=graph-powershell-1....