Azure AD connection -Credential

Hi all

 

First step into remote AAD. My intention is to create a GUI for users within our org to provision invites to collaborators (using a service / admin acct). However, my first hurdle has been the connection. Previously, when connecting to Exchange etc., I could use credential objects as below:

$Username = "global\User.name"
$Password = ConvertTo-SecureString "Password" -AsPlainText -Force
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password

$session = New-PSSession -ConnectionURI https://Servername@domain.com/OCSpowershell -Credential $cred
Import-PSSession $session

I assumed (wrongly) I could do something similar with AAD, so I tried:

$Username = "global\User.name"
$Password = ConvertTo-SecureString "Password" -AsPlainText -Force
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password

Connect-AzureAD -TenantId "xxxxxxxxxxxxxxxxxxxxxxxx" -credential $cred

Is there any method similar to this I could use? If not, what is the best method?

 

One should never ever put passwords in plain text in any script, especially in production.

Now, that being said, if you are trying to use creds in multiple use cases, it is best to use them from a stored location, like the Windows Credential Manager or a secure file. Those creds are only usable from the machine they are created on, but can be used in local and remote sessions (on-prem and cloud resources).

There are lots of articles and pre-built scripts to guide and help here.

Securely Store Credentials on Disk http://powershellcookbook.com/recipe/PukO/securely-store-credentials-on-disk

The first step for storing a password on disk is usually a manual one. There is nothing mandatory about the filename, but we’ll use a convention to name the file CurrentScript.ps1.credential. Given a credential that you’ve stored in the $credential variable, you can safely use the Export-CliXml cmdlet to save the credential to disk. Replace CurrentScript with the name of the script that will be loading it:

$credPath = Join-Path (Split-Path $profile) CurrentScript.ps1.credential
$credential | Export-CliXml $credPath

Quickly and securely storing your credentials – PowerShell https://www.jaapbrasser.com/quickly-and-securely-storing-your-credentials-powershell

To get a credential object we can either manually create one or use the Get-Credential cmdlet to prompt for the account details:

$Credential = Get-Credential

To store the credentials into a .cred file:

$Credential | Export-CliXml -Path "${env:\userprofile}\Jaap.Cred"

And to load the credentials from the file and back into a variable:

$Credential = Import-CliXml -Path "${env:\userprofile}\Jaap.Cred"
Invoke-Command -Computername 'Server01' -Credential $Credential {whoami}

Using Windows Credential Manager

https://gallery.technet.microsoft.com/scriptcenter/PowerShell-Credentials-d44c3cde
https://www.powershellgallery.com/packages/CredentialManager/1.0
https://techcommunity.microsoft.com/t5/Windows-PowerShell/Store-password-in-Windows-credential-manager-and-use-it-in/td-p/36192

Here is an example of how I connect to AAD and Exchange MSOL and Exchange On-Prem resources in one of my labs:

# Retrieve all stored multiple creds
   $CredPath = ".\SessionCreds.xml"
   $creds = Import-Clixml -Path $CredPath 

# Environment setup
   Connect-MsolService -Credential $creds.CloudAdmin
   Import-Module -Name MSOnlineExtended

   Connect-AzureAD -Credential $creds.CloudAdmin
   Import-Module -Name AzureADPreview

   Import-Module -Name 'ADSync' 
   Start-ADSyncSyncCycle


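# Exchange on-prem using a cmdlet prefix
# ($ExPFqdn must already hold the FQDN of the on-prem Exchange server; it is not set in this snippet)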
$ExpSession = New-PSSession -ConfigurationName 'Microsoft.Exchange' `
-ConnectionUri ("http://$ExPFqdn/PowerShell") `
-Authentication Kerberos -Credential $Creds.DomainAdmin
Import-PSSession $ExpSession -Prefix 'EXP'


# Exchange Online using a cmdlet prefix
$ExoSession = New-PSSession -ConfigurationName Microsoft.Exchange `
-ConnectionUri 'https://outlook.office365.com/powershell-liveid/' `
-Credential $Creds.CloudAdmin -Authentication Basic -AllowRedirection
Import-PSSession $ExoSession -Prefix 'EXO'

There are similar approaches around the web.

Office 365 Connection Script - Basic

This PowerShell connection script is perfect for Exchange and user administration as it quickly connects to the following Office 365 Services:
- Exchange Online
- Azure AD v1.0 - (MSOL)
- Azure AD v2.0 - (Azure AD)

https://gallery.technet.microsoft.com/office/Office-365-Connection-364d270b

Connect to all Office 365 services in a single Windows PowerShell window
https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-all-office-365-services-in-a-single-windows-powershell-window

Connect PowerShell to Office 365 services

You can use PowerShell to manage the services in Office 365, but first you need to connect in PowerShell to the specific service. See these topics for details:

Azure Active Directory: Connect to Office 365 PowerShell
Exchange Online: Connect to Exchange Online PowerShell
Security & Compliance Center: Connect to Office 365 Security & Compliance Center PowerShell
Skype for Business Online: Connecting to Skype for Business Online by using Windows PowerShell
SharePoint Online: Connect to SharePoint Online PowerShell

https://support.office.com/en-us/article/Connect-PowerShell-to-Office-365-services-06a743bb-ceb6-49a9-a61d-db4ffdf54fa6
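
The lab script in the answer above loads `.\SessionCreds.xml` but does not show how that file is built or what happens when it cannot be decrypted. The following is an added example, not part of the original answer or of any script it links to; `Save-SessionCreds` and `Get-SessionCreds` are hypothetical helper names, and `<tenant-id>` is a placeholder.

```powershell
# Added example. The file name and the CloudAdmin/DomainAdmin keys follow the lab
# script above; the two function names are hypothetical.
# Windows only: that is where Export-Clixml protects SecureString values with DPAPI.
function Save-SessionCreds {
    param([string]$Path = '.\SessionCreds.xml')
    # Prompt interactively so no password ever appears in a script file.
    $creds = @{
        CloudAdmin  = Get-Credential -Message 'Cloud admin account'
        DomainAdmin = Get-Credential -Message 'On-prem domain admin account'
    }
    $creds | Export-Clixml -Path $Path
    # Passwords are encrypted in the file, but user names are stored in clear text,
    # so drop inherited permissions and leave access to the current user only.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    & icacls.exe $Path /inheritance:r /grant:r "${me}:(R,W)" | Out-Null
}

function Get-SessionCreds {
    param([string]$Path = '.\SessionCreds.xml')
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "No credential file at $Path. Run Save-SessionCreds as this user first."
    }
    try {
        $creds = Import-Clixml -Path $Path -ErrorAction Stop
    }
    catch {
        # Typical cause: the file was created by another user or on another machine,
        # so the DPAPI key needed to decrypt the passwords is not available here.
        throw "Cannot read $Path as $env:USERNAME on ${env:COMPUTERNAME}: $($_.Exception.Message)"
    }
    if ($creds -isnot [hashtable]) {
        throw "$Path does not contain the expected hashtable of credentials."
    }
    foreach ($name in 'CloudAdmin', 'DomainAdmin') {
        if ($creds[$name] -isnot [pscredential]) {
            throw "Entry '$name' in $Path is missing or is not a PSCredential."
        }
    }
    return $creds
}

# One-time, interactive, as the account that will run the script:
#   Save-SessionCreds
# In the script itself:
#   $creds = Get-SessionCreds
#   Connect-AzureAD -TenantId '<tenant-id>' -Credential $creds.CloudAdmin
```

Run `Save-SessionCreds` under the same Windows account (for example the service account) that will later call `Get-SessionCreds`, since the file cannot be decrypted by anyone else.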

Many thanks for the above, appreciate the time it took to write that :slight_smile:

No worries.