AAD Service Principal Certificate Authentication

Did you ever wanted to automate everything in Azure? Using Azure Automation or using Remote PowerShell – pretty much anything automated in Azure, you should NOT be using a stock standard user account. Why? Because you can have all sorts of problems, for instance the password can expire and then it breaks everything and everything stops working. It’s a bit like on-prem days where you would use specific service accounts, each service account setup for a specific purpose, much easier to manage and it’s best practice.

In Azure it’s no difference, you use a service principal and grant this service principal access to where ever in Azure with contributor or owner privileges.

The below script (run as admin) walks you through setting up an AAD application, creating the service principal, creating a self signed certificate then uploading the certificate to Azure.

There’s a section further below in the script to create all the Azure automation variables and sets up the certificate. Remember, you need the certificate installed on the machine in which you want to connect automatically to Azure with using certificate based authentication.

Azure PowerShell

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: