Azure Active Directory (Azure AD) is Microsoft’s fully managed multi-tenant identity and access capabilities for app service. More organizations are now harnessing the security capabilities of Azure AD into the apps they create for an additional layer of authentication. This post will cover how to register an app to Azure AD via PowerShell to take advantage of this.
The Azure AD Module needs to be added to PowerShell prior to getting started. Execute the command below in PowerShell using elevated or Administrative status:
Once the Azure AD Module is installed, run the following command in the same PowerShell window to connect to the required Azure AD tenant:
NOTE: The required TenantId will be required in subscriptions with multiple tenants. The TenantId value can be found in the Azure Portal navigating to Azure Active Directory > Properties and is listed under Directory ID.
Run the following command in the same PowerShell window to connect to the specific Azure AD TenantId (if required):
Connect-AzureAD -TenantId *Insert Directory ID here*
Step 1: Creating the Azure AD App Registration
Next the following cmdlet is run, now that required Azure AD tenant is connected to PowerShell, to capture the name of the application and the IdentifierURI.
$appName = "TailwindTradersSalesApp"
$appURI = "https://tailwindtraderssalesapp.twtmitt.onmicrosoft.com"
$appHomePageUrl = "<a href="http://www.tailwindtraders.com/" target="_blank" rel="noopener nofollow noreferrer">http://www.tailwindtraders.com/</a>"
$appReplyURLs = @($appURI, $appHomePageURL, "https://localhost:1234")
if(!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'" -ErrorAction SilentlyContinue))
$myApp = New-AzureADApplication -DisplayName $appName -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs
Step 2: Adding the App Key
With the required URIs now captured, it is time to add the application key. The key will be stored in the Azure Key Vault which ensures the it’s security and disallows unauthorized access. Run the following command to invoke this process:
$Guid = New-Guid
$startDate = Get-Date
$PasswordCredential = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordCredential
$PasswordCredential.StartDate = $startDate
$PasswordCredential.EndDate = $startDate.AddYears(1)
$PasswordCredential.KeyId = $Guid
$PasswordCredential.Value = ([System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(($Guid))))
NOTE: The PasswordCredential value is created as a Base64 value and is saved in the Azure Key Vault.
This process can also be completed via the Azure Portal but will take much more time to complete.