This article provides information on the resources needed to register a new Powershell application in Azure to run without needing to prompt for username and password credentials
In order for Azure to be able to run PowerShell scripts which connect to Exchange and Sharepoint without being prompted to supply username and password details, several configuration steps must first be undertaken. These include registering an application (in this case the app is the PowerShell script) and creating digital certificates that give the application access to various resources.
Important: this is a complex area – do not edit any existing configurations unless you are absolutely sure that you know what you are doing! By all means use these scripts to create a new app with a separate digital certificate – just don’t change any existing configurations.
- Register a new Azure Application
- Assign permissions to the Azure application so that it can connect to Exchange and Sharepoint
- Create a digital certificate that facilitates connection to Exchange and Sharepoint without prompting for username and password details (so it is ideally suited to the execution of automated tasks which involve interaction with Exchange or Sharepoint). Note: in order to create the certificate, the user is initially prompted for a certificate password – use the password stored in Bitwarden under the title “Azure Digital Certificate Password”
- Loads the certificate into the following places:
(a) the personal certificate store on the local PC, for use by PowerShell scripts which are executed on that PC
(b) into Azure, for use by PowerShell scripts executed as part of an Azure runbook.
Generates and automatically executes two additional example PowerShell scripts, one to verify that the registered app can connect to Exchange using the newly created digital certificate, and the other to check that the app can connect to Sharepoint using the same certificate.
- Executed via PowerShell ISE. In this case, the digital certificate is retrieved from the personal certificate store
- Executed via a PowerShell run book. In this case, the digital certificate is retrieved from the Azure certificate store. The existing PowerShell script for Distribution List Provisioning uses this code as it needs access to both Exchange and Sharepoint in order to populate distribution lists from the membership and volunteer Sharepoint lists.