Script Authentication

Brass Contributor

I have numerous scripts/bits of code I'd like to run against AzureAD. How can I authenticate from a script? Obviously if using the powershell cmdlets I can supply a username password but then that user needs to be excluded from MFA, risky sign ins etc. Is this the general recommended approach or can I use certs or the like or an app registration? What pattern should I be using??

1 Reply

You should indeed look into utilizing app registrations.
For app registrations you have two ways:
- Application access
-Delegated access

Delegated access is when a user sign into the application, application access is where the script runs in the background (daemon task)

Application authentication can be done through a certificate or a client secret as you mentioned.

I recommend looking into this blog series, it's a really detailed one