Service Principal
Service Principal Authentication
This grant type is commonly used for machine-to-machine interactions that must run in the background without a signed-in user, such as daemons or service accounts. In this case, Microsoft Entra ID authenticates and authorizes the application itself rather than a user. During this step, the client must authenticate to Microsoft Entra ID; the Microsoft identity platform allows a confidential client to do so using a shared secret, a certificate, or a federated credential.
Usage Examples
Client secret in command-line flag
# Splatted parameters for a client-secret (shared secret) run against Azure
$param = @{
    ClientId      = '00000000-0000-0000-0000-000000000000';
    # The secret must be passed as a SecureString
    ClientSecret  = ("MySuperClientSecret" | ConvertTo-SecureString -AsPlainText -Force);
    Instance      = 'Azure';
    Collect       = 'All';
    subscriptions = '00000000-0000-0000-0000-000000000000';
    TenantID      = '00000000-0000-0000-0000-000000000000';
    ExportTo      = @("HTML");
}
Invoke-Monkey365 @param
Client certificate in command-line flag
# Splatted parameters for a certificate (PFX) run against SharePoint Online
$param = @{
    ClientId         = '00000000-0000-0000-0000-000000000000';
    certificate      = 'C:\monkey365\testapp.pfx';
    # Password protecting the PFX file, passed as a SecureString
    CertFilePassword = ("MySuperCertSecret" | ConvertTo-SecureString -AsPlainText -Force);
    Instance         = 'Microsoft365';
    Collect          = 'SharePointOnline';
    TenantID         = '00000000-0000-0000-0000-000000000000';
    ExportTo         = @("HTML");
}
Invoke-Monkey365 @param
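The two examples above embed the client secret and the PFX password directly in the script. The following helper is an added example, not part of the Monkey365 documentation or code base: it builds the same splat for either credential type while reading the secret material from environment variables (the variable names MONKEY365_CLIENT_SECRET and MONKEY365_PFX_PASSWORD are assumptions) and checks that a certificate has not expired before the scan starts.

```powershell
# Added example (not from the Monkey365 project). Builds the Invoke-Monkey365 splat
# without hardcoding credentials; env var names are assumptions for this example.
function Get-MonkeyServicePrincipalParam {
    param(
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$TenantId,
        [string]$CertificatePath,            # optional: path to a PFX for certificate auth
        [string]$Instance = 'Azure',
        [string]$Collect  = 'All'
    )
    $param = @{
        ClientId = $ClientId
        TenantID = $TenantId
        Instance = $Instance
        Collect  = $Collect
        ExportTo = @('HTML')
    }
    if ($CertificatePath) {
        # Certificate auth: PFX password comes from the job's secret store via an env var
        $pfxPassword = $env:MONKEY365_PFX_PASSWORD
        if (-not $pfxPassword) { throw 'MONKEY365_PFX_PASSWORD is not set' }
        # Load the certificate first so an expired credential fails fast, not mid-scan
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            $CertificatePath, $pfxPassword)
        if ($cert.NotAfter -lt (Get-Date)) {
            throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)"
        }
        $param.certificate      = $CertificatePath
        $param.CertFilePassword = ConvertTo-SecureString $pfxPassword -AsPlainText -Force
    }
    else {
        # Shared-secret auth: secret comes from an env var, never from the script file
        $secret = $env:MONKEY365_CLIENT_SECRET
        if (-not $secret) { throw 'MONKEY365_CLIENT_SECRET is not set' }
        $param.ClientSecret = ConvertTo-SecureString $secret -AsPlainText -Force
    }
    return $param
}

# Usage: secret-based Azure run; set MONKEY365_CLIENT_SECRET in the job's environment first
$param = Get-MonkeyServicePrincipalParam -ClientId '00000000-0000-0000-0000-000000000000' `
                                          -TenantId '00000000-0000-0000-0000-000000000000'
Invoke-Monkey365 @param
```

Pass -CertificatePath 'C:\monkey365\testapp.pfx' -Instance 'Microsoft365' -Collect 'SharePointOnline' to reproduce the certificate example instead.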
References
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs