A lot of the things we can click on in the Azure Portal cannot be done through PowerShell cmdlets published by Microsoft.
However, using Fiddler, we can see that there is a ‘hidden’ API we can use, for example, to set permissions. I’ve written a ‘clean’ function to retrieve this token silently that you can use in your scripts; it is not compatible with MFA.
https://github.com/jflieben/assortedFunctionsV2/blob/main/get-azureRMtoken.ps1
Please be careful using this for production workflows as this is NOT supported by Microsoft.
[…] requires a special token generated by my get-AzureRMtoken function to log […]
Whenever I try this technique I get [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureTokenCache] does not contain a method named ‘ReadItems’, i.e. the cache that should hold the refresh token has not been populated.
I’m logged in to AzureRM as a service principal with a certificate; could that be causing problems or is there something else I’m missing?
[…] the “hidden” Azure portal API! I found out about this through a colleague’s blog post at Liebensraum. It enables you to perform various functions in Azure that you normally wouldn’t be able to […]
[…] should be called using a Service Principal whenever possible. But some endpoints (such as the ‘hidden’ azure api) don’t support service principals and require an actual user to call […]
It’s pretty straightforward to resolve the MFA issues. Don’t capture credentials and just call the login cmdlet. This will use MSFT’s modern authentication flow.
$res = login-azurermaccount
$context = Get-AzureRmContext