PowerShell script to fetch App

Sharath chandra Gajjela 1 Reputation point
2022-08-14T09:43:55.317+00:00

Hi,

I have got a PowerShell script that gives the information about the expiration of the secrets of app registrations. So when I run the script from my local machine on Azure sandbox, I get the desired output, but when I execute the same script in my organization's Azure portal, it keeps loading forever and doesn't show the desired output. I know it's something related to rights/permissions and I've compared them with Sandbox but with no success. So can someone help me with what I'm missing?

Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications. PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.

1 answer

  1. David Broggy 5,701 Reputation points MVP
    2022-08-14T13:05:55.52+00:00

    Hi SharathchandraGajjela,

    This is likely because your org is expecting 2FA for authentication.
    (jump to the end for another alternative)

    Have you tried testing your connection manually?
    From a PowerShell window, type: Connect-AzAccount
    You'll very likely be prompted to authenticate for 2FA.
    This is probably the issue.

    You can also test this by mapping your credentials out and trying to login:
    $User = "xxx@xxxxxxxxxxxxx.onmicrosoft.com"
    $PWord = ConvertTo-SecureString -String "<Password>" -AsPlainText -Force
    $tenant = "<tenant id>"
    $subscription = "<subscription id>"
    $Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User,$PWord
    Connect-AzAccount -Credential $Credential -Tenant $tenant -Subscription $subscription

    Again, you'll likely see an error expecting 2FA:

    Connect-AzAccount: You must use multi-factor authentication to access tenant xxxxx, ...

    Using passwords to connect to Azure is generally considered insecure.

    A better way to run your script is within the Azure CLI.

    From here you can run:

    Connect-AzAccount -Identity

    This allows Azure to use Managed Identities so a password is never exposed.

    It would require some tweaks to your script but it might be a better solution for you.

    Hope that helps.
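
A sketch of the kind of tweak the answer above refers to, added here as an example (it is not code from the original thread or from either poster): the report signs in with a managed identity instead of a stored password and lists app registration credentials that are expired or close to expiry. It assumes the script runs where a managed identity is available (for example an Azure Automation runbook), Az.Resources 5.x or later, and that the identity has Microsoft Graph Application.Read.All; `$WarnDays`, `-UseSample`, `Get-ExpiringSecret` and the sample data are hypothetical names and constructed values.

```powershell
# Added example. Assumes Az.Accounts and Az.Resources 5.x or later, and a managed
# identity that has been granted Microsoft Graph Application.Read.All.
param(
    [int]$WarnDays = 30,   # assumed reporting threshold
    [switch]$UseSample     # evaluate constructed data instead of signing in
)
$ErrorActionPreference = 'Stop'   # surface sign-in or permission errors at once
$now = [datetime]::UtcNow

function Get-ExpiringSecret {
    param([object[]]$Apps, [int]$WarnDays, [datetime]$Now = [datetime]::UtcNow)
    foreach ($app in $Apps) {
        foreach ($cred in $app.Credentials) {
            $daysLeft = [math]::Floor(($cred.EndDateTime - $Now).TotalDays)
            if ($daysLeft -le $WarnDays) {
                [pscustomobject]@{
                    App      = $app.DisplayName
                    KeyId    = $cred.KeyId
                    Expires  = $cred.EndDateTime
                    DaysLeft = $daysLeft
                    Status   = if ($daysLeft -lt 0) { 'Expired' } else { 'Expiring' }
                }
            }
        }
    }
}

if ($UseSample) {
    # Constructed sample: one secret inside the window, one expired, one healthy
    $apps = @(
        [pscustomobject]@{ DisplayName = 'sample-app-a'; Credentials = @(
            [pscustomobject]@{ KeyId = 'sample-key-1'; EndDateTime = $now.AddDays(10) },
            [pscustomobject]@{ KeyId = 'sample-key-2'; EndDateTime = $now.AddDays(-3) }) },
        [pscustomobject]@{ DisplayName = 'sample-app-b'; Credentials = @(
            [pscustomobject]@{ KeyId = 'sample-key-3'; EndDateTime = $now.AddDays(200) }) }
    )
} else {
    # Non-interactive sign-in: no password in the script and no prompt to wait on
    Connect-AzAccount -Identity | Out-Null
    $apps = foreach ($a in Get-AzADApplication) {
        [pscustomobject]@{
            DisplayName = $a.DisplayName
            # Returns both password (secret) and key (certificate) credentials
            Credentials = @(Get-AzADAppCredential -ObjectId $a.Id)
        }
    }
}

Get-ExpiringSecret -Apps $apps -WarnDays $WarnDays -Now $now | Sort-Object DaysLeft | Format-Table -AutoSize
```

Running it with `-UseSample` exercises the expiry logic without any Azure sign-in; without the switch, a missing identity or missing Graph permission stops the script with an error instead of leaving it waiting.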