microsoftgraph / powershell-intune-samples

This repository of PowerShell sample scripts shows how to access Intune service resources. They demonstrate this by making HTTPS RESTful API requests to the Microsoft Graph API from PowerShell.
MIT License

If using LOB_Application powershell file #207

Closed Nathan187 closed 2 years ago

Nathan187 commented 2 years ago

trying to execute the powershell script: .\Application_LOB_AdDD.ps1

it will prompt for the credentials (principal name): Please specify your user principal name for Azure Authentication:

We have an app registration in Azure. Any tips on what to use to authenticate? Client ID, secret ID? Do I need to log in to Graph previously using a client certificate or something?

it's not very clear. thanks

Ruthhl3ss commented 2 years ago

Hi,

This blog shows how to authenticate via a client secret to MS Graph

https://www.nielskok.tech/intune/intune-backup-to-storage-account/

Thanks,

Niels

Nathan187 commented 2 years ago

I appreciate the comment however I’m not sure it answers the question. If you look at the pwsh script mentioned (to add a LOB app) it doesn’t accept parameters the way your example does.

Ruthhl3ss commented 2 years ago

Aah, you are right.

Nathan187 commented 2 years ago

Yeah, so I’m guessing user principal and service principal are two separate things. I wish they provided better examples

Ruthhl3ss commented 2 years ago

Looking at it again... To do the POST method in the API request you need to have your authentication set up just like I described in my earlier post. Hope it helps!

Nathan187 commented 2 years ago

It is already set up properly in Azure. I just don’t know what to use. User principals and service principals are two different things. The script is explicitly asking for a user principal.

Ruthhl3ss commented 2 years ago

I think it's about authentication headers. Did you already try the authentication headers with the user principal and service principal? What works? Or do they both not work?

Nathan187 commented 2 years ago

User principal prompts me for my credentials in a pop-up window. For the service principal, I don’t know which value to put in as the user name. The name of our app registration has spaces in it... so I’m thinking this will not work or there is some other value that is needed.

Ruthhl3ss commented 2 years ago

For the service principal, you need the app id. For the user principal you need to add the parameter -interactive. (Then you can log on with an account that has the appropriate permissions.)

Nathan187 commented 2 years ago

I already have that information. I’m not sure we are looking at the same thing. (I have already tried that anyway)

Nathan187 commented 2 years ago

so the script prompts me for user principal: Please specify your user principal name for Azure Authentication:

when i use the app id (of the app registration), an error comes back: New-Object : Exception calling ".ctor" with "1" argument(s): "The specified string is not in the form required for an e-mail address." At C:\temp\Application_LOB_ADD.ps1:34 char:12

yeah...so tell me something is whacky/weird here. i wish the author of the script would have documented it a little better
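
The user principal versus service principal distinction discussed in this thread, as an added example that is not part of the thread or of the repository's scripts: a sign-in prompt that asks for a user principal name expects an e-mail-style UPN, so an app ID (a GUID) fails that format check, and an app registration authenticates with the OAuth 2.0 client credentials flow instead. The function name `Get-AppOnlyAuthHeader` and the `<tenant-id>` / `<app-id>` placeholders are hypothetical, and the example assumes the app registration holds an application permission such as `DeviceManagementApps.Read.All` with admin consent.

```powershell
# Added example: app-only (service principal) token for Microsoft Graph.
# Get-AppOnlyAuthHeader is a hypothetical helper, not a function from the sample repo.
function Get-AppOnlyAuthHeader {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$TenantId,          # directory (tenant) ID or verified domain
        [Parameter(Mandatory)][string]$ClientId,          # application (client) ID, not the display name
        [Parameter(Mandatory)][securestring]$ClientSecret # secret value, never hard-coded in the script
    )

    # Unwrap the SecureString only for the duration of the token request.
    $plain = [System.Net.NetworkCredential]::new('', $ClientSecret).Password

    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $plain
        scope         = 'https://graph.microsoft.com/.default'  # use the permissions consented on the app
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"

    try {
        $token = Invoke-RestMethod -Method Post -Uri $uri -Body $body `
            -ContentType 'application/x-www-form-urlencoded' -ErrorAction Stop
    }
    finally {
        # Drop the plaintext copies whether or not the request succeeded.
        $plain = $null
        $body.client_secret = $null
    }

    # Header hashtable suitable for Invoke-RestMethod -Headers.
    @{ Authorization = "Bearer $($token.access_token)" }
}

# Constructed placeholders: replace with your own tenant and app registration values.
$secret     = Read-Host -AsSecureString -Prompt 'Client secret'
$authHeader = Get-AppOnlyAuthHeader -TenantId '<tenant-id>' -ClientId '<app-id>' -ClientSecret $secret

# Read-only check that the token is accepted before attempting any upload.
$apps = Invoke-RestMethod -Method Get -Headers $authHeader `
    -Uri 'https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps'
$apps.value | Select-Object displayName, id
```

An app-only token carries whatever application permissions were consented on the registration, so grant only the Intune scopes the task needs, and prefer a certificate credential over a long-lived secret where the tenant allows it.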