Dec 17 2018 11:04 PM - edited Dec 17 2018 11:05 PM
I am automating binding a custom certificate to an application published with the Azure AD Application Proxy. I can upload and bind the certificate in the Azure Portal.
Logged on with the Global Administrator role in PowerShell, I use the AzureAD module with Set-AzureADApplicationProxyApplicationCustomDomainCertificate. After entering the password for the PFX, the response is "Access Denied".
Any idea why this is not allowed via script?
Dec 19 2018 10:46 AM - edited Dec 19 2018 10:48 AM
Have you looked at our guidance on certificates to make sure you have the appropriate format: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-cust....
Dec 19 2018 11:52 AM - edited Dec 19 2018 11:55 AM
Solution
Yes, I did use that article and the documentation on the cmdlet as the source to use the cmdlet.
The article doesn't mention that, unlike when using the Azure Portal, this cmdlet requires you to run in an elevated PowerShell session with local administrator rights.
When not run elevated, the response is "Access Denied".
I am clueless as to what the local administrator rights are for when uploading a certificate to Azure.
I proposed a change in the documentation at docs.microsoft.com to mention the requirement for an elevated PowerShell session.
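For automation, the elevation requirement described in the answer above can be checked before the cmdlet is called, so the script fails with a clear message instead of "Access Denied". This is an added example, not code from the thread or from Microsoft; the wrapper name `Set-AppProxyCertificate`, the helper `Test-IsElevated`, and the placeholder values in the usage comments are hypothetical, and it assumes `Connect-AzureAD` has already been run.

```powershell
# Added example (not from the thread). Function names here are hypothetical.

function Test-IsElevated {
    # True when the current Windows token is a member of the local
    # Administrators group with the elevated (full) token active.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Set-AppProxyCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $ObjectId,     # application object id
        [Parameter(Mandatory)] [string]       $PfxFilePath,  # path to the .pfx file
        [Parameter(Mandatory)] [securestring] $Password      # PFX password
    )

    # Pre-flight 1: the thread reports "Access Denied" when the session is not elevated.
    if (-not (Test-IsElevated)) {
        throw "This session is not elevated. Start PowerShell with 'Run as administrator' and retry."
    }

    # Pre-flight 2: fail early on a wrong path rather than inside the cmdlet.
    if (-not (Test-Path -LiteralPath $PfxFilePath -PathType Leaf)) {
        throw "PFX file not found: $PfxFilePath"
    }

    # -ErrorAction Stop turns a failure into a terminating error that a
    # pipeline or scheduled job can catch and report.
    Set-AzureADApplicationProxyApplicationCustomDomainCertificate `
        -ObjectId $ObjectId `
        -PfxFilePath $PfxFilePath `
        -Password $Password `
        -ErrorAction Stop
}

# Usage (placeholder values, replace with your own):
#   Connect-AzureAD
#   $pw = Read-Host -Prompt 'PFX password' -AsSecureString
#   Set-AppProxyCertificate -ObjectId '<application-object-id>' `
#       -PfxFilePath 'C:\path\to\certificate.pfx' -Password $pw
```

Keeping the password as a `SecureString` from `Read-Host -AsSecureString` (or a secret store) avoids writing the PFX password into the script or the command history.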
Dec 28 2018 02:16 PM