A lot of the things we can click on in the Azure Portal cannot be done through PowerShell cmdlets published by Microsoft.
However, using Fiddler, we can see that there is a ‘hidden’ API we can use, for example, to set permissions. I’ve written a ‘clean’ function to retrieve this token silently that you can use in your scripts; it is not compatible with MFA.
https://gitlab.com/Lieben/assortedFunctions/blob/master/get-azureRMtoken.ps1
Please be careful using this for production workflows as this is NOT supported by Microsoft.
It’s pretty straightforward to resolve the MFA issues. Don’t capture credentials and just call the login cmdlet. This will use MSFT’s modern authentication flow.
$res = Login-AzureRmAccount
$context = Get-AzureRmContext
[…] should be called using a Service Principal whenever possible. But some endpoints (such as the ‘hidden’ azure api) don’t support service principals and require an actual user to call […]
[…] the “hidden” Azure portal API! I found out about this through a colleague’s blog post at Liebensraum. It enables you to perform various functions in Azure that you normally wouldn’t be able to […]
Whenever I try this technique I get [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureTokenCache] does not contain a method named ‘ReadItems’, i.e. the cache that should hold the refresh token has not been populated.
I’m logged in to AzureRM as a service principal with a certificate; could that be causing problems or is there something else I’m missing?
[…] requires a special token generated by my get-AzureRMtoken function to log […]