Retrieving a headless silent token for main.iam.ad.ext.azure.com using PowerShell

Many of the things we can click on in the Azure Portal cannot be done through the PowerShell cmdlets published by Microsoft.

However, using Fiddler, we can see that there is a ‘hidden’ API we can use, for example, to set permissions. I’ve written a ‘clean’ function to retrieve this token silently that you can use in your scripts. It is not compatible with MFA.

https://gitlab.com/Lieben/assortedFunctions/blob/master/get-azureRMtoken.ps1

Please be careful using this for production workflows as this is NOT supported by Microsoft.


6 Comments
trackback

[…] should be called using a Service Principal whenever possible. But some endpoints (such as the ‘hidden’ azure api) don’t support service principals and require an actual user to call […]

trackback

[…] the “hidden” Azure portal API! I found out about this through a colleague’s blog post at Liebensraum. It enables you to perform various functions in Azure that you normally wouldn’t be able to […]

andy
1 year ago

Whenever I try this technique I get [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureTokenCache] does not contain a method named ‘ReadItems’, i.e. the cache that should hold the refresh token has not been populated.
I’m logged in to AzureRM as a service principal with a certificate; could that be causing problems or is there something else I’m missing?

trackback

[…] requires a special token generated by my get-AzureRMtoken function to log […]