Service principle are non-interactive Azure accounts. Applications use Azure services should always have restricted permissions. Azure offers Service principals allow applications to login with restricted permission Instead having full privilege in non-interactive way.
Using Service Principal we can control which resources can be accessed.
For Security reason, it’s always recommended to use service principal with automated tools rather than allowing them to log in with user identity
Create a Service Principal with PowerShell.
Note: For this demo we are using Azure RM PowerShell module. Azure has introduced new PowerShell module called AZ. Create AD App
This service principal is valid for one year from the created date and it has Contributor Role assigned. Further using this Service principal application can access resource under given subscription. We can scope to resources as we wish by passing resource id as a parameter for Scope.
View created AD app in Portal
1. Log in Portal
Go to Azure Active Direcoty -> App Registrations
We can find the created app as below
Once we click the app we will see app details as below
We need this information when we need to login through Service principal
In some cases, we need to run some script in administrator mode.
Sometimes we face a situation where we want to know whether the script is running on Administrator mode.
Following script says whether PowerShell script is running on Administrator mode or not.
$elevated = [bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")
if($elevated -eq $false)
throw "In order to install services, please run this script elevated."
Write-Host "You are in Administrator mode"