Retrieving a headless silent token for main.iam.ad.ext.azure.com using Powershell

A lot of the things we can click on in the Azure Portal cannot be done through Powershell Cmdlets published by Microsoft.

However, using Fiddler, we can see that there is a ‘hidden’ API we can use, for example, to set permissions. I’ve written a ‘clean’ function to retrieve this token silently that you can use in your scripts, it is not compatible with MFA.

https://gitlab.com/Lieben/assortedFunctions/blob/master/get-azureRMtoken.ps1

Please be careful using this for production workflows as this is NOT supported by Microsoft.

5
Leave a Reply

avatar
3 Comment threads
2 Thread replies
2 Followers
 
Most reacted comment
Hottest comment thread
2 Comment authors
andyJos Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
trackback

[…] the “hidden” Azure portal API! I found out about this through a colleague’s blog post at Liebensraum. It enables you to perform various functions in Azure that you normally wouldn’t be able to […]

andy
Guest
andy

Whenever I try this technique I get [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureTokenCache] does not contain a method named ‘ReadItems’, i.e. the cache that should hold the refresh token has not been populated.
I’m logged in to AzureRM as a service principal with a certificate; could that be causing problems or is there something else I’m missing?

trackback

[…] requires a special token generated by my get-AzureRMtoken function to log […]