Connect to Microsoft graph using PowerShell with a certificate (not using client and secret)
I referred this link and it explain how to connect using client and secret.
But, I cannot use this in production environment as the PowerShell script is going to store in the server. Anyone can open it and see the creds.
Could you please kindly explain me how to use a certificate instead of client and secret to connect Azure AD and extract users last log in information without any user interaction or MFA prompts with pop-up windows.
Thanks
Initially, I created one self-signed certificate from PowerShell using below script:
$certname = "graphcert12"
$cert = New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256
Export-Certificate -Cert $cert -FilePath "C:/test/$certname.cer" ## Specify your preferred location
Response:
Now, I uploaded this certificate to my app registration in Entra ID like this:
To connect to Microsoft Graph as a service principal with certificate, you can make use of below PowerShell script that does not involve any user interaction:
$CertPath = "C:/test/graphcert12.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
Connect-MgGraph -ClientId "appId" -TenantId "tenantId" -CertificateThumbprint "certthumbprint"
Response:
Now, I ran below PowerShell script and got last log in date time of users successfully in response without any pop-up window:
$users = Get-MgUser -Property 'SignInActivity'
foreach ($user in $users) {
$displayName = $user.DisplayName
$lastSignInDateTime = $user.SignInActivity.LastSignInDateTime
if ($lastSignInDateTime -eq $null) {
Write-Host "$displayName has never signed in."
} else {
Write-Host "$displayName last signed in on $lastSignInDateTime"
}
}
Response:
Reference: Using Microsoft Graph PowerShell authentication commands | Microsoft
- Unable to locate executable file: 'bash'. Please verify either the file path exists
- "We're sorry, your sql database is unavailable" What does this mean exactly in Azure SQL?
- How do I login to an Azure AD Joined VM using Azure AD Credentials on an Windows Server 2019?
- Migrating from validate-jwt to validate-azure-ad-token policy
- Azure C# Cosmos DB: Property "id" is missing when it's actually present
- Azure Permission - needed for creating resource group - RBAC
- Can the Azure Service Bus be delayed before retrying a message?
- azure documentdb create document duplicates Id property
- JWT validation failure error in azure apim
- How to Add JVM Arguments in Azure Application Service?
- Azure App Service and Application Insights where is performance test?
- Is it possible to have a non-interactive code that logs in to Azure and creates users in Microsoft Entra ID?
- Change Default Service Version of Microsoft Azure Blob - PHP
- Microsoft Graph: How to filter users by domain name
- Azure App Service Plan CPU Spikes to 100%
- Unable to Authenticate to DevOps API with Angual MSAL
- Query all Azure WAF rules using Azure Resource Graph Explorer
- Azure Databricks: Not able to parameterize keys option of dlt.apply_changes
- ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
- Attaching a private static ip address to Azure Container Instance
- Azure Synapse severless SQL pool - query execution fails
- How to login via Service Principal having Federated Credentials rather than Client Secrets
- Where can I find the resource id of an Azure function app in the Azure portal?
- How to forward access-control-allow-origin header from a Web App to a Front Door?
- Basic SQL commands in Terraform
- Linux Azure Webjob in nodejs referring to node.exe
- Running Azure functions locally gives "No runtime" error after .NET7 upgrade
- Azure DataSync tables not showing up
- Azure ML: Unable to find workspace
- unable to start 'Docker for windows' on Azure Win 10 VM