Connect-PowerBIServiceAccount -Credential $Credential fails from Azure Automation Account

[o-l-a-v]

I'm trying to use MicrosoftPowerBIMgmt.Admin and MicrosoftPowerBIMgmt.Profile with Azure Automation Account to get Power BI audit logs and push them to a Storage Account with Az.Accounts nad Az.Storage.

I've created a user that has:

• Disabled password expiration
• Excluded from MFA
• RBAC contributor directly on the storage account
• Power BI Administrator in Azure AD

Problem is the Connect-PowerBIServiceAccount cmdlet.

From PowerShell ISE

When running $null = Connect-PowerBIServiceAccount -Credential $Credential from my machine, a black terminal pops up and disappears, and I get connected.

Modules

From Azure Automation Account

When running that from Automation Account with the same credential fetched from Automation Account Credentials, it causes the script to restart.

Modules

Q

How can we silently log in with a Azure AD user in a way that will work also from a Automation Account?

[o-l-a-v]

Also, I can't use service principal with the Get-PowerBIActivityEvent cmdlet. Tried both adding API permissions to the automation account RunAs account App Registration, but also added automation account RunAs account Service Principal to the AAD role Power BI Administrator.

• https://github.com/microsoft/powerbi-powershell/issues/209
• https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal#considerations-and-limitations

Summary: MicrosoftPowerBIMgmt cannot be used in Azure Automation Account?

[o-l-a-v]

Ended up using ExchangeOnlineManagement module, added Exchange Online permission View-Only Audit Logs to the AAD user used as service account for this task, and cmdlet Search-UnifiedAuditLog.

Too bad a PowerShell module created for Power BI by Microsoft can't be used in a Microsoft Azure product such as Automation Accounts.

[Mimiix]

@o-l-a-v Is there a update on this or is this still the way to go?

[o-l-a-v]

@o-l-a-v Is there a update on this or is this still the way to go?

The runbook I created is still runs happily using ExchangeOnlineManagement AFAIK, so I don't know.

There is no new versions of the module itself, as you can see yourself at PowerShellGallery:

• https://www.powershellgallery.com/packages/MicrosoftPowerBIMgmt

[Mimiix]

Alright. Then that's the way i probaby need to take aswell. I am not sure on our usecase yet, but i need to mass import and export PowerBI dataflows.

Thanks for your quick reply @o-l-a-v !

[furmangg]

You might also keep an eye on #190 though I'm not holding my breath for a resolution anytime soon

[MasterKuat]

@o-l-a-v : Hi, I reached to use cmdlet in automation with a connection like :

$connectionName = "AzureRunAsConnection"
$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName         
$null = Connect-PowerBIServiceAccount -ServicePrincipal -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint -ApplicationId $servicePrincipalConnection.ApplicationId -Tenant $servicePrincipalConnection.TenantId -ErrorAction Stop

My automation SPN is in a AAD security group and this security group is allowed to call API (Power BI administration option)

Hope this help.