What is Service principle?

Service principle are non-interactive Azure accounts. Applications use Azure services should always have restricted permissions. Azure offers Service principals allow applications to login with restricted permission Instead having full privilege in non-interactive way.

Using Service Principal we can control which resources can be accessed.

For Security reason, it’s always recommended to use service principal with automated tools rather than allowing them to log in with user identity

Create a Service Principal with PowerShell.

Note: For this demo we are using Azure RM PowerShell module. Azure has introduced new PowerShell module called AZ. Create AD App

Create AD app

Create a Service Principal

This service principal is valid for one year from the created date and it has Contributor Role assigned. Further using this Service principal application can access resource under given subscription. We can scope to resources as we wish by passing resource id as a parameter for Scope.

View created AD app in Portal

1. Log in Portal

Go to Azure Active Direcoty -> App Registrations

We can find the created app as below

Once we click the app we will see app details as below

We need this information when we need to login through Service principal

Login using Service Principal with Powershell

Fill out the required parameters.

Once we run the script we can successfully log in to Azure using Service Principal

Full code: 🙂