Retrieving a headless silent token for using Powershell

A lot of the things we can click on in the Azure Portal cannot be done through Powershell Cmdlets published by Microsoft.

However, using Fiddler, we can see that there is a ‘hidden’ API we can use, for example, to set permissions. I’ve written a ‘clean’ function to retrieve this token silently that you can use in your scripts, it is not compatible with MFA.

Please be careful using this for production workflows as this is NOT supported by Microsoft.

UPDATE: Newer / mfa compatible version of this function

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Connor Peoples
Connor Peoples
3 years ago

It’s pretty straight forward to resolve the MFA issues. Don’t capture credentials and just call the login cmdlet. this will use MSFTs modern authentication flow.

  $res = login-azurermaccount
  $context = Get-AzureRmContext


[…] should be called using a Service Principal whenever possible. But some endpoints (such as the ‘hidden’ azure api) don’t support service principals and require an actual user to call […]


[…] the “hidden” Azure portal API! I found out about this through a colleague’s blog post at Liebensraum. It enables you to perform various functions in Azure that you normally wouldn’t be able to […]

5 years ago

Whenever I try this technique I get [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureTokenCache] does not contain a method named ‘ReadItems’, i.e. the cache that should hold the refresh token has not been populated.
I’m logged in to AzureRM as a service principal with a certificate; could that be causing problems or is there something else I’m missing?


[…] requires a special token generated by my get-AzureRMtoken function to log […]