how to automate connect-azaccount prompt for MFA enabled account access

Richkm 146 Reputation points
2022-03-11T10:03:34.36+00:00

Hello,
I have a script that need that have connect-azAccount ,Currently I am manually providing credential(username and password) and then MFA approval.
how to automate or pass values so that I don't need to manually provide credential. One link i got but its for not enabled mfa account.
https://stackoverflow.com/questions/61098097/connect-azaccount-without-prompt ,My account is MFA enabled.

Thanks
Rich

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
36,575 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,411 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Carlos Solís Salazar 17,021 Reputation points MVP
    2022-03-11T10:19:16.68+00:00

    Hi @Richkm

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    If you need connect automatically, you can't use an account with MFA

    You can create a Service principal for that script, and authenticate in the following way

    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecuredPassword  
    Connect-AzAccount -ServicePrincipal -TenantId $TenantId -Credential $Credential  
    

    Also, you can authenticate the services principal with certificate, and connect in the following way

    $Thumbprint = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'  
    $TenantId = 'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyy'  
    $ApplicationId = '00000000-0000-0000-0000-00000000'  
    Connect-AzAccount -CertificateThumbprint $Thumbprint -ApplicationId $ApplicationId -Tenant $TenantId -ServicePrincipal  
    

    You can create a service principal with a certificate following this tutorial https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-authenticate-service-principal-powershell

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Please "Accept as Answer" and/or Upvote if any of the above helped so that, it can help others in the community looking for remediation for similar issues.