对MSOnline模块和AzureAD模块的应用程序密码支持。 [英] App pasword support for MSOnline module and AzureAD module.

问题描述

团队，

我需要自动化PowerShell脚本而无需交互来管理我的azure广告环境。根据策略，出于安全原因，所有全局管理员都必须启用MFA。在MSOnline / AzureAD模块中使用应用程序密码时会引发错误。
是什么解决方案？

解决方案

你好  o365developer ， 

在这种情况下，我认为您无法使用App密码，因为应用密码系统是为无法支持基于REST的现代身份验证的传统身份验证应用程序创建的。 Azure AD powershell和MSOnline powershell将无法使用
，因为它们不会将登录请求发送到符合应用程序密码机制的端点。我不认为你可以在没有交互的情况下自动化PowerShell。如果必须在Azure AD租户上自动执行操作，则更好的方法是创建服务原则并使用
Microsoft Graph 或
Azure AD图形API   。请查看以下文章。 

https://developer.microsoft.com/en-us/office/blogs/microsoft-graph-or-azure-ad-graph/

https://docs.microsoft.com /en-us/graph/api/resources/azure-ad-overview?view=graph-rest-1.0

https://docs.microsoft.com/en-us/graph/overview

https://developer.microsoft.com/en-us/graph/get-started

I了解这需要一点时间，但您可以在此处查看示例，并在此处使用Microsoft Graph资源管理器了解更多信息  https://developer.microsoft.com/en-us/graph/graph-explorer 。 

<希望这些信息有所帮助。 

谢谢。 

Team,

I need to automate powershell scripts without interaction to manage my azure ad environment. By policy, all global admins must have MFA enabled for security reasons. When using app password in MSOnline/AzureAD module error is thrown. What is the solution to this?

解决方案

Hello o365developer, 

I don't think you would be able to use App password in this case because app password system was created for legacy auth applications which cant support REST based modern authentication. Azure AD powershell and MSOnline powershell will not be able to use it as they do not send the logon requests to the endpoints which honor app password mechanism. I don't think you would be able to automate powershell without interaction at this point. If you have to automate operations on Azure AD tenant , the better way would be to create a service principle and use Microsoft Graph or Azure AD graph API  . Please check the following articles. 

https://developer.microsoft.com/en-us/office/blogs/microsoft-graph-or-azure-ad-graph/

https://docs.microsoft.com/en-us/graph/api/resources/azure-ad-overview?view=graph-rest-1.0

https://docs.microsoft.com/en-us/graph/overview

https://developer.microsoft.com/en-us/graph/get-started

I understand it would take a little time but you can check the samples here and learn more live using the Microsoft Graph explorer here https://developer.microsoft.com/en-us/graph/graph-explorer. 

Hope this information helps. 

Thank you. 

这篇关于对MSOnline模块和AzureAD模块的应用程序密码支持。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！