It took me quite a while figuring this one out and understanding it. I hope this article helps you save some time.
So you want to “automate stuff” with PowerShell via REST API, without a user account? Here’s your tutorial.
Remark:
In order to do anything, we still need to authenticate somehow…
This is done via an application. We create a “pseudo” application. This application has a unique ID (Username) and can be given an app secret (password).
Login to https://portal.azure.com , search for “App Registration” and click it.
Register a new app.
Choose the app’s name. Something that makes sense would be good… Maybe you want a unique identity per script, team or admin.
Note the application ID. It’s like the username. Then edit the “Settings”.
Choose the required permissions.
In this case, I had to read out several things in Azure AD via Graph. Later I made some adjustments, as I wanted to read some information via Key Vault.
Click “Grant permissions”, so that the permissions are granted tenant-wide (admin consent). Otherwise the “app’s user” would have to satisfy a consent prompt.
Generate password for the application.
To query anything, you always need to connect to the tenant. Therefore you need the tenant ID. In some cases this can be retrieved automatically. In this case it can’t, which is why we need to find it out manually:
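Putting the three values from the steps above together, here is an added example (not the post’s own code, which follows in part 2) that acquires a token with the client-credentials grant and calls Microsoft Graph. The placeholder values, the AZ_APP_SECRET environment variable name and the /users query are assumptions; any Graph endpoint covered by the granted application permissions is called the same way.

```powershell
# Added example (not from the post): authenticate as the app registration
# with the client-credentials grant and query Microsoft Graph with the token.
# Assumed placeholders: replace with your tenant ID and application (client) ID.
$TenantId = '<tenant-id>'
$ClientId = '<application-id>'
# Read the app secret from an environment variable (assumed name) instead of
# hardcoding it, so the script can be checked in without the credential.
$ClientSecret = $env:AZ_APP_SECRET
if (-not $ClientSecret) { throw 'AZ_APP_SECRET is not set' }

$TokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"

# The app authenticates with its own ID (username) and secret (password);
# no user account is involved. The ".default" scope requests every application
# permission that was granted (admin-consented) on the registration.
$Body = @{
    grant_type    = 'client_credentials'
    client_id     = $ClientId
    client_secret = $ClientSecret
    scope         = 'https://graph.microsoft.com/.default'
}

$TokenResponse = Invoke-RestMethod -Method Post -Uri $TokenUri -Body $Body `
    -ContentType 'application/x-www-form-urlencoded'
if (-not $TokenResponse.access_token) { throw 'No access token in response' }

# Bearer token goes into the Authorization header of every Graph call.
$Headers = @{ Authorization = "Bearer $($TokenResponse.access_token)" }

# Example Graph call: list the first five users in the directory.
# Requires the User.Read.All application permission on the registration;
# without consent Graph answers 403 here, which is the check that the
# "Grant permissions" step above actually took effect.
$Users = Invoke-RestMethod -Method Get -Headers $Headers `
    -Uri 'https://graph.microsoft.com/v1.0/users?$top=5'
$Users.value | Select-Object displayName, userPrincipalName
```

The token is valid for about an hour (see expires_in in the response), so a long-running script should request a new one rather than cache it indefinitely.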
Next in part 2: The actual code.