Create an AAD service principal and configure it for AAD authentication for the Azure PowerShell cmdlets
#
# Sign-in as a user in the Owner role
#
Add-AzureAccount
#
# Sign-in to MSOL
#
Connect-MsolService
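#
# Placeholder values: replace each one before running
#
$servicePrincipalName = "http://UniqueName"
$displayName = "UniqueDisplayName"
$addressName = "http://UniqueName"
$strongPassword = "StrongPassword"
$tenantId = "YourTenantId" # placeholder: ID of the AAD tenant, used by the final Add-AzureAccount call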
#
# Create a service principal
#
$address = New-MsolServicePrincipalAddresses -Address $addressName -AddressType Reply
New-MsolServicePrincipal -ServicePrincipalNames $servicePrincipalName -DisplayName $displayName -Type Password -Value $strongPassword -Addresses $address
Get-MsolServicePrincipal -ServicePrincipalName $servicePrincipalName
#
# Add the service principal to a role
#
New-AzureRoleAssignment -ServicePrincipalName $servicePrincipalName -RoleDefinitionName "Reader"
Get-AzureRoleAssignment | Select-Object DisplayName, ServicePrincipalName
#
# Configure the service principal as a PowerShell account
#
$appPrincipalId = (Get-MsolServicePrincipal -ServicePrincipalName $servicePrincipalName).AppPrincipalId
$securePassword = ConvertTo-SecureString $strongPassword -AsPlainText -Force
$secureCredential = New-Object System.Management.Automation.PSCredential($appPrincipalId, $securePassword)
Add-AzureAccount -ServicePrincipal -Tenant $tenantId -Credential $secureCredential