Azure Powershell - automating Login-AzureRmAccount AD Login - for Azure function

Question

I have this Azure Powershell script, which successfully backs up a SQL Azure DB to Azure Blob.

In its current form, it requires me to log in via AD.

I now need to implement this script to execute via a Azure Function at specific intervals.

The first snippet of the script:

$subscriptionId = "YOUR AZURE SUBSCRIPTION ID"

Login-AzureRmAccount
Set-AzureRmContext -SubscriptionId $subscriptionId

I thus need to not use Login-AzureRmAccount, but replace it with a method that does not require human input.

I have found this link:

https://cmatskas.com/automate-login-for-azure-powershell-scripts/

• In short, the author:
  1. Creates an Azure AD Application (with its own password)
  2. Creates a Service Principal
  3. Assigns Permissions to the Service Principal

This is a once-off manual creation - which is perfect.

The author then logs in to this newly created application

$psCred = New-Object System.Management.Automation.PSCredential($azureAccountName, $azurePassword)


Add-AzureRmAccount -Credential $psCred -TenantId e801a3ad-3690-4aa0-a142-1d77cb360b07 -ServicePrincipal

My questions:

1. Is this what I should do to be able to automate my application and prevent human login?

2. This Azure AD app created in step 1 - can I use this app as a starting point in my of my Azure functions?

Answer 1

1. Yes, you can use that route, or use certificate auth, or use an Azure AD user, it can login with user\password, but is considered less secure than service principal.
2. Yes, you can use one service principal for any number of Azure Functions you would like to.

Answer 2

To use Azure PowerShell in Azure Functions, you may refer to the following response in another SO thread. The example is an HTTP-Trigger, but you can modify it to use a Timer-Trigger for your use-case. Here's the link:

Azure Function role like permissions to Stop Azure Virtual Machines