I have a PowerShell script which today uses AzureAD cmdlets to perform some write operations in Azure AD. This script is to be run on a schedule, and where better to run this than in Azure. It could be as a web job or as an Azure Function.
When running in an app service we cannot use interactive login, but have to use the connect signature below which takes an ADAL app id and a certificate:
Connect-AzureAD -TenantId <tenantId> -ApplicationId <appid> -CertificateThumbprint <thumbprint>
This means we have to create an ADAL app which accepts a certificate, as well as make sure we can access the certificate from the app service.
For this tutorial I’ll go with an Azure Function, but the steps are pretty much the same.
Pre-requisite
Install the AzureAD or AzureADPreview cmdlets on your local machine.
Steps covered
- Create a self-signed certificate
- Create an ADAL app
- Grant the ADAL app access to write to AAD
- Create an Azure Function
- Load Azure AD PowerShell in an Azure Function
- Connect to AzureAD using an ADAL app and a certificate
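
The certificate, app registration, role grant and connect steps from the list above, as an added example run from an admin workstation with the AzureAD module installed; it is not the post's own code. The app name, the PFX path and the `$roleName` placeholder are assumptions to replace with your own values.

```powershell
# Added example. $appName, the PFX path and $roleName are assumptions, not values from the post.
$appName  = 'aad-scheduled-writer'        # hypothetical display name
$roleName = '<directory role name>'       # placeholder: the least-privileged role that covers the writes
$notAfter = (Get-Date).AddMonths(6)       # short lifetime limits exposure if the key leaks

# 1. Self-signed certificate in the current user's store.
$cert = New-SelfSignedCertificate -Subject "CN=$appName" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy Exportable -KeySpec Signature `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 -NotAfter $notAfter

# Password-protected PFX (private key included) for upload to the app service.
# Delete the file once it has been uploaded.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath "$env:TEMP\$appName.pfx" -Password $pfxPassword | Out-Null

# 2. Register the app; only the public part of the certificate goes to Azure AD.
Connect-AzureAD | Out-Null                # interactive sign-in as an administrator
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
$app = New-AzureADApplication -DisplayName $appName
New-AzureADApplicationKeyCredential -ObjectId $app.ObjectId `
    -CustomKeyIdentifier $appName -Type AsymmetricX509Cert -Usage Verify `
    -Value $keyValue -StartDate $cert.NotBefore -EndDate $cert.NotAfter | Out-Null
$sp = New-AzureADServicePrincipal -AppId $app.AppId

# 3. Grant the service principal a directory role.
#    Get-AzureADDirectoryRole only lists roles already activated in the tenant.
$role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $roleName }
if (-not $role) { throw "Directory role '$roleName' is not activated in this tenant." }
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId

# 4. Verify the non-interactive sign-in locally, using the same signature the function will use.
$tenantId = (Get-AzureADTenantDetail).ObjectId
Disconnect-AzureAD
Connect-AzureAD -TenantId $tenantId -ApplicationId $app.AppId `
    -CertificateThumbprint $cert.Thumbprint

# Values to carry over to the function's configuration.
[pscustomobject]@{
    TenantId      = $tenantId
    ApplicationId = $app.AppId
    Thumbprint    = $cert.Thumbprint
    Expires       = $cert.NotAfter
}
```

In the app service, the uploaded certificate is only loaded into the worker's certificate store when the `WEBSITE_LOAD_CERTIFICATES` app setting lists its thumbprint.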