# Create a service principal with display name "APP-Jiahe". The output lists
# two identifiers: Id (the service principal's object ID) and AppId (the
# application/client ID used later as the sign-in user name).
# NOTE(review): depending on the Az.Resources version, this cmdlet may also
# generate a default password credential on the new application. If it does,
# the New-AzADAppCredential call later in this session adds a second secret;
# confirm and remove any credential that is not needed.
PS C:\WINDOWS\system32> New-AzADServicePrincipal -DisplayName "APP-Jiahe"
DisplayName Id AppId
----------- -- -----
APP-Jiahe 26b573e7-667a-427c-8e20-3ff04b7cd837 fb319ce5-8f89-433e-aff5-6ad889f70483
# Read the service principal back by its object ID to confirm it exists; the
# output repeats the same Id/AppId pair.
PS C:\WINDOWS\system32> Get-AzADServicePrincipal -ObjectId 26b573e7-667a-427c-8e20-3ff04b7cd837
DisplayName Id AppId
----------- -- -----
APP-Jiahe 26b573e7-667a-427c-8e20-3ff04b7cd837 fb319ce5-8f89-433e-aff5-6ad889f70483
# Keep the service principal object for later steps. Despite its name, the
# variable holds the whole object; .AppId and .Id are read from it below.
PS C:\WINDOWS\system32> $ServicePrincipalName = Get-AzADServicePrincipal -ObjectId 26b573e7-667a-427c-8e20-3ff04b7cd837
# Set the identifier URI and the reply (redirect) URL on the backing
# application registration, addressed by its AppId.
# NOTE(review): the reply URL is where sign-in responses are delivered;
# "https://localhost" suits local development only. Confirm the value
# before reusing this registration elsewhere.
PS C:\WINDOWS\system32> Update-AzADApplication -ApplicationId $ServicePrincipalName.AppId -IdentifierUris "api://app-az" -ReplyUrls "https://localhost"
# Build a password credential (client secret) definition whose validity runs
# from now until 100 days from now.
PS C:\WINDOWS\system32> $StartDate = Get-Date
PS C:\WINDOWS\system32> $EndDate = (Get-Date).AddDays(100)
# PowerShell variable names are case-insensitive, so $startDate / $endDate in
# the literal below resolve to the $StartDate / $EndDate values set above.
PS C:\WINDOWS\system32> $creds = [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPasswordCredential]@{
>> StartDateTime = $startDate
>> EndDateTime = $endDate
>> }
# Create the credential on the application. The returned object carries the
# generated secret in its SecretText property.
PS C:\WINDOWS\system32> $AppCreds = New-AzADAppCredential -ApplicationId $ServicePrincipalName.AppId -PasswordCredentials $creds
# Echoes the generated secret to the console. The value on the next line is
# therefore captured in this transcript and in any console logging. A secret
# exposed this way should be treated as disclosed and rotated: remove the
# credential and issue a new one. Prefer passing the value directly to a
# secret store over printing it.
PS C:\WINDOWS\system32> $AppCreds.SecretText
gAl8Q~.zBWgup~7Gjb7fNWgo_EEnEIuikl~VeaHn
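# Assign the built-in Contributor role to the service principal, passing the
# parameters by splatting a hash table. Entries written on a single line must
# be separated by ';', otherwise the hash literal does not parse.
PS C:\WINDOWS\system32> $roleParam = @{ RoleDefinitionName = "Contributor"; PrincipalId = $ServicePrincipalName.Id}
# No Scope entry is supplied; the Scope line in the output below shows that
# the assignment was made on the whole subscription.
# NOTE(review): Contributor over an entire subscription is a broad grant for
# an application identity that signs in with a client secret. For least
# privilege, add a Scope entry limited to the resource group or resource the
# app needs, and use the narrowest role that covers its tasks.
PS C:\WINDOWS\system32> New-AzRoleAssignment @roleParam
RoleAssignmentName : 87009989-074c-46c5-9ff9-65e1f89ebb59
RoleAssignmentId : /subscriptions/c70423db-7052-4dfc-8ae0-d58382bb3b65/providers/Microsoft.Authorization/roleAssignme
nts/87009989-074c-46c5-9ff9-65e1f89ebb59
Scope : /subscriptions/c70423db-7052-4dfc-8ae0-d58382bb3b65
DisplayName : APP-Jiahe
SignInName :
RoleDefinitionName : Contributor
RoleDefinitionId : b24988ac-6180-42a0-ab88-20f7382dd24c
ObjectId : 26b573e7-667a-427c-8e20-3ff04b7cd837
ObjectType : ServicePrincipal
CanDelegate : False
Description :
ConditionVersion :
Condition :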
# Wrap the secret in a SecureString because PSCredential requires one.
# -AsPlainText -Force converts an existing plain-text string, so the secret
# is still readable in $AppCreds; the wrapper adds no protection for a value
# already held in clear text in the session.
PS C:\WINDOWS\system32> $clientSecret = $appCreds.SecretText | ConvertTo-SecureString -AsPlainText -Force
# Credential pair for service-principal sign-in: the user name is the
# application (client) ID and the password is the client secret.
PS C:\WINDOWS\system32> $connectCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ServicePrincipalName.AppId,$clientSecret
# Sign in as the service principal. The tenant ID is read from an access
# token of the currently signed-in context. In the output, the Account column
# holds the AppId, which indicates the session now runs as the app identity.
# NOTE(review): for unattended use, a certificate credential, managed
# identity or federated credential avoids handling a long-lived shared secret.
PS C:\WINDOWS\system32> Connect-AzAccount -ServicePrincipal -Credential $connectCreds -Tenant (Get-AzAccessToken).TenantId
Account SubscriptionName TenantId Environment
------- ---------------- -------- -----------
fb319ce5-8f89-433e-aff5-6ad889f70483 Visual Studio Enterprise aef0a0b1-ee16-4a34-a359-af456dd5c1e5 AzureCloud
PS C:\WINDOWS\system32>