Certificate-based authentication for Azure
The best way to authenticate to Azure from an application is to use a Managed Identity. Sometimes that is not possible (e.g. on-premises); in that case, certificate-based authentication is more secure than a secret (password).
Here is a quick guide:
#Create Certificate
New-SelfSignedCertificate -Subject "CN=CertForMyApp" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature
#Export Certificate from Store (mmc command)
#Create App registrations (portal.azure.com)
#Upload Certificate (portal.azure.com)
#Assign Permission (portal.azure.com)
#Check local Certificates
Get-ChildItem Cert:\ -Recurse | Select-String C2A35AA0BB502DF93AB92EF4CE8BC71CAD7318
#Connect to Azure
Connect-AzAccount -ApplicationId f3ac2214-e37b-4f3e-9023-29abad27c8 -Tenant e9823fe4-675d-4843-a547-4154fc131c -CertificateThumbprint C2A35AA0BB502DF93AB92EF4CE8BC71CAD7318
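
The export step and the checks before connecting can also be scripted. The following is an added example, not part of the original post: it exports only the public certificate (.cer) for upload to the app registration, and stops before connecting if the certificate is missing, has no private key, or is outside its validity period. The subject name is the one used above; the output path and the `<application-id>` and `<tenant-id>` placeholders are assumptions.

```powershell
# Added example. Replace the placeholders in angle brackets with your own values.
$subject  = 'CN=CertForMyApp'                        # subject used when the certificate was created
$cerPath  = Join-Path $env:TEMP 'CertForMyApp.cer'   # assumed output path for the public certificate
$appId    = '<application-id>'                       # placeholder
$tenantId = '<tenant-id>'                            # placeholder

# Find the certificate in the current user's personal store.
# If several share the subject, take the one that expires last.
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq $subject } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate with subject '$subject' found in Cert:\CurrentUser\My"
}

# Export the public part only (DER-encoded .cer). This is the file to upload
# to the app registration; the private key stays in the local store.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
Write-Host "Public certificate written to $cerPath"

# Checks before connecting: authentication needs the private key locally,
# and the certificate must be inside its validity period.
$now = Get-Date
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key on this machine"
}
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $($cert.Thumbprint) is not valid now ($($cert.NotBefore) to $($cert.NotAfter))"
}

# Connect using the thumbprint read from the store instead of a pasted value.
Connect-AzAccount -ApplicationId $appId -Tenant $tenantId -CertificateThumbprint $cert.Thumbprint
```

Only the .cer file is uploaded to Azure; a .pfx export containing the private key is not needed for the upload step.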