powershell connect to azureAD and MSonline automatically and bypassing MFA

    • #232375

      Hi,

      In our organisation MFA is enabled on all the accounts.
      Is there a way that you can log on automatically to AzureAD and MSOnline without disabling the MFA for the admin account or creating a service account where the MFA option is disabled?

      Paul

    • #232477

      Your question says, “Is there a way to not disable MFA on the admin account or to not disable MFA on a service account?” I think you were trying to ask: is there a way to create a service account for which MFA would not be needed? The answer to that question is:

      az ad sp create-for-rbac --name="{SOMENAMEHERE}" --role="Contributor" --scopes="/subscriptions/{YOUR SUBSCRIPTION ID HERE}" --years=2 

      You have to capture the output of this command because it is the only time you will see the secret.

      https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals

      https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

      Let me know if this helps.

    • #232507

      Hi,
      Sorry that I was not clear in my question.
      I use my admin account with MFA enabled (at this point no way to get around this).
      Since I’m automating tasks like off- and onboarding, it would really help if there is a way to log on without having to go through the complete identification process including MFA, especially because I need to log on to AzureAD and MSOnline.

      Thanks

      Paul

    • #233026

      Yes, the answer is to create a service principal account in Azure AD.

      The command above is one way to do that; you can also google how to do it in PowerShell.

      Or you can do it through the portal.

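An added example, not part of the original posts: one way to sign an unattended script in to the AzureAD module as a service principal with a certificate instead of an interactive admin login. The function name, the `MinDaysValid` parameter and all IDs are hypothetical placeholders, and it covers only the AzureAD module.

```powershell
#Requires -Modules AzureAD
# Added example; Connect-AzureADAsServicePrincipal and -MinDaysValid are hypothetical names.
# Assumes an app registration whose certificate (with private key) is installed in the
# CurrentUser\My store of the account that runs the job.

function Connect-AzureADAsServicePrincipal {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $ApplicationId,
        [Parameter(Mandatory)] [string] $CertificateThumbprint,
        [int] $MinDaysValid = 14
    )

    # Fail early with a clear message instead of an opaque sign-in error.
    $cert = Get-Item -Path "Cert:\CurrentUser\My\$CertificateThumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $CertificateThumbprint has no private key in this store."
    }

    # Refuse to run on a certificate that is expired or about to expire,
    # so rotation is noticed before the automation silently breaks.
    $daysLeft = ($cert.NotAfter - (Get-Date)).Days
    if ($daysLeft -lt $MinDaysValid) {
        throw "Certificate $CertificateThumbprint expires in $daysLeft day(s); rotate it first."
    }

    # Non-interactive sign-in: no password or secret is stored in the script.
    Connect-AzureAD -TenantId $TenantId `
                    -ApplicationId $ApplicationId `
                    -CertificateThumbprint $CertificateThumbprint `
                    -ErrorAction Stop | Out-Null

    # Return the session details so the caller can log which identity is in use.
    Get-AzureADCurrentSessionInfo
}

# Constructed placeholder values; replace with your tenant, app ID and thumbprint.
# Note: an Azure RBAC role such as Contributor on a subscription does not grant
# directory permissions. For user on/offboarding the service principal needs an
# Azure AD directory role, scoped as narrowly as the tasks allow.
$session = Connect-AzureADAsServicePrincipal `
    -TenantId '00000000-0000-0000-0000-000000000000' `
    -ApplicationId '11111111-1111-1111-1111-111111111111' `
    -CertificateThumbprint '<CERT_THUMBPRINT_PLACEHOLDER>'
$session | Format-List
```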