cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Need assistance with automating MS Authentication in a PowerShell script

Lorenz33
Copper Contributor

‎Mar 16 2023 03:24 PM

‎Mar 16 2023 03:24 PM

Need assistance with automating MS Authentication in a PowerShell script

I am working on a Powershell script that reads from the Power BI Activity log to retrieve audit information on Power BI usage. I plan on running this script in Windows Task Scheduler daily to output a JSON file from which I will load the data into an SQL Server database.

 

Firstly, in order to run the script, it must be logged on to Power BI and the account must have Power BI Administrator permissions. This is the command to log on to Power BI:

 

Connect-PowerBIServiceAccount

 

When I run it manually in Power BI, an MS authentication window comes up and I must sign on. How can this be done automatically? Is there any way to use a stored credential?

 

Here is the rest of the script:

 

$startDateToExtract = '2023-03-09T00:00:00.000'
$endDateToExtract = '2023-03-09T23:59:59.999'

#Optional parameters -ActivityType, -User, -ResultType

###########################
$activities = Get-PowerBIActivityEvent -StartDateTime '2023-03-15T00:00:00' -EndDateTime '2023-03-15T23:59:59' | Set-Content C:\Temp\Bucket\PBI_Track7.json

$activities.Count
for (($i = 0); ($i -le $activities.Count); $i++)
{
$activities[$i] | >> C:\Temp\Bucket\PBI_Track7.json

}

$activities.Count

#################################

 

I have manually entered the start dates. Is there a way to get the date and put it in the start and end dates in the format above?

StartDate: 'YYYY-MM-DDT00:00:00.000'

EndDate: 'YYYY-MM-DDT23:59:59.999'

 

I have the output file manually set as PBI_Track7.json. How can I have the file generated with the date the script is run? Example, 20160316.json

 

Any help and advice would be greatly appreciated.

Labels:
970 Views
0 Likes
4 Replies
Reply
4 Replies
Alex_Rechs

‎Mar 17 2023 06:27 AM

‎Mar 17 2023 06:27 AM

Re: Need assistance with automating MS Authentication in a PowerShell script

$User = "email address removed for privacy reasons"
$PWord = ConvertTo-SecureString -String "password_blablah" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
Connect-PowerBIServiceAccount -Credential $Credential
0 Likes
Reply
AndySvints

‎Mar 18 2023 02:33 PM

‎Mar 18 2023 02:33 PM

Re: Need assistance with automating MS Authentication in a PowerShell script

Hello @Lorenz33,

In addition to suggestions mentioned by @Alex_Rechs, you can also look into 2 extra options:

(1) using ServicePrinciple with ClientSecret

Prerequisites: Register App in AAD and create ClientSecret.

Code to authenticate will be something like this:

$TenantId="[TenantId]"
$ClientId="[YourRegisteredAADAppClientId]"
$ClientSecret="[YourRegisteredAADAppClientSecret]"

$PWord = ConvertTo-SecureString -String $ClientSecret  -AsPlainText -Force

$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ClientId, $PWord

Connect-PowerBIServiceAccount -Tenant $TenantId -ServicePrincipal -Credential $Credential

 

(2) using ServicePrinciple with Certificate

Prerequisites: Register App in AAD and upload certificate (self signed will suffice).

Authentication code will looks like this:

$AppId= "[YourRegisteredAADAppClientId]"
$Cert="[Thumbprint]"

Connect-PowerBIServiceAccount -ServicePrincipal -CertificateThumbprint $Cert -ApplicationId $AppId

References:

Hope that helps.

 

 

 

0 Likes
Reply
Lorenz33

‎Mar 22 2023 10:38 AM

‎Mar 22 2023 10:38 AM

Re: Need assistance with automating MS Authentication in a PowerShell script

Thanks Alex and Andy. That definitely helps. I have tested it and it works. One more quick question: it is not a good practice to keep the password in the file like that where it can be exposed to whoever is on the server. Is there any way it can be encrypted? Possibly stored in secure encrypted format in another file which can be retrieved and then unencrypted?
0 Likes
Reply
AndySvints

‎Mar 22 2023 03:51 PM

‎Mar 22 2023 03:51 PM

Re: Need assistance with automating MS Authentication in a PowerShell script

Hello @Lorenz33,

You can look into Microsoft.PowerShell.SecretManagement ( provides a convenient way for a user to store and retrieve secrets), which supports multiple secret vault types. For starters, you can use Microsoft.PowerShell.SecretStore ( Local secure store extension vault).

 

Hope that helps.

0 Likes
Reply