I want to connect MgGraph without user interaction.
Normally we use a command like Connect-MgGraph.
I found that we can do that by passing a certificate as a parameter. There are many scripts for PowerShell, but I am unable to find any for the Graph API.
How do I create a certificate from the Microsoft Graph API?
TIA
CodePudding user response:
Step 1
Open an admin PowerShell prompt and run the command below to create the self-signed certificate:
# $pfxPassword is used instead of $pwd, which is PowerShell's automatic "current location" variable
$pfxPassword = "abc@xyz#"
# Create the certificate in the local machine store and keep its thumbprint
$thumb = (New-SelfSignedCertificate -DnsName "script.mydomain.com" -CertStoreLocation "cert:\LocalMachine\My" -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter (Get-Date).AddMonths(24)).Thumbprint
$pfxPassword = ConvertTo-SecureString -String $pfxPassword -Force -AsPlainText
# Export the certificate with its private key to a password-protected PFX file
Export-PfxCertificate -Cert "cert:\LocalMachine\My\$thumb" -FilePath c:\user\cert.pfx -Password $pfxPassword
where you replace or adjust:
- “abc@xyz#” with your own complex password.
- -NotAfter (Get-Date).AddMonths(24): here we are setting the expiry date for the certificate, 24 months from now in this case. Adjust as required.
- “c:\user\cert.pfx” with where you would like a copy of the certificate saved.
Step 2
Before we can upload the certificate to Azure, we need to convert the certificate to Base64. You could use the Certificates MMC snap-in, as we marked the certificate as exportable, or run the PowerShell below:
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\user\cert.pfx", "abc@xyz#")
# Write the public certificate (no private key) as Base64 text
[System.Convert]::ToBase64String($cert.GetRawCertData()) | Out-File c:\user\cert_base64.crt
where "c:\user\cert_base64.crt" is your new Base64 certificate path.
Step 3
Upload the certificate to the Azure portal.
Step 4
Then copy the thumbprint; we will use it in the command below.
Step 5
Connect to Azure
$tenantID = "<Your Tenant ID>"
$applicationID = "<Your Application ID>"
$thumbprint = "<Your Certificate Thumbprint>"
Connect-MgGraph -ClientId $applicationID -TenantId $tenantID -CertificateThumbprint $thumbprint
Get all Azure AD users:
Get-MgUser
Hope this helps
Thanks
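
A variant of Steps 1 to 5 that keeps the private key non-exportable and exports only the public certificate, so no PFX file or plaintext password is involved. This is an added example, not part of the original answer; the .cer output path and the Connect-GraphWithCertificate helper name are assumptions, and the placeholder IDs are the same ones the answer uses.

```powershell
# Added example (not from the original answer). Replace the placeholders first.
$tenantID      = "<Your Tenant ID>"
$applicationID = "<Your Application ID>"
$cerPath       = Join-Path $env:TEMP "graph-app-public.cer"   # assumed output path

# 1. Create the key pair in the current user's store. NonExportable means the
#    private key cannot be written to a PFX, so there is no key file to protect.
$cert = New-SelfSignedCertificate -DnsName "script.mydomain.com" `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyExportPolicy NonExportable `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddMonths(24)

# 2. Export only the public certificate (DER-encoded .cer). This is the file
#    that gets uploaded to the app registration in the Azure portal.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
Write-Host "Upload $cerPath, thumbprint $($cert.Thumbprint)"

# 3. Hypothetical helper: check the certificate before signing in, so an
#    unattended script fails with a clear message instead of an auth error.
function Connect-GraphWithCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [string] $TenantId,
        [int] $WarnDays = 30
    )
    $c = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction Stop
    if (-not $c.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key in this store."
    }
    if ($c.NotAfter -lt (Get-Date)) {
        throw "Certificate $Thumbprint expired on $($c.NotAfter)."
    }
    if ($c.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
        Write-Warning "Certificate $Thumbprint expires on $($c.NotAfter); rotate it soon."
    }
    # Pass the certificate object itself rather than relying on a store lookup.
    Connect-MgGraph -ClientId $ClientId -TenantId $TenantId -Certificate $c
}

# Run this only after the .cer file has been uploaded to the app registration.
Connect-GraphWithCertificate -Thumbprint $cert.Thumbprint -ClientId $applicationID -TenantId $tenantID
```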