Pablo Cibraro

My notes about software development, security and other stuff.

Getting an Access Token interactively for Azure AD from PowerShell

Getting an access token under your credentials is very useful in many automation scenarios, especially when you are writing PowerShell scripts. Unfortunately, this scenario is not well documented anywhere by Microsoft.

I found a PowerShell module that wraps MSAL and lets you do exactly that. It took me some time to get it working, but here is how you can do it.

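# Load the MSAL.PS module if it is not already loaded in this session
if (!(Get-Module "MSAL.PS")) {
    Import-Module "MSAL.PS"
}

# Open the interactive sign-in prompt and request the delegated scopes
$TokenResponse = Get-MsalToken -ClientId '<Client ID here>' `
 -TenantId "<Tenant ID here>" `
 -Interactive `
 -Scopes 'https://graph.microsoft.com/User.Read', 'https://graph.microsoft.com/Group.Read.All'

# The bearer token to send in the Authorization header
$AccessToken = $TokenResponse.AccessToken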

You need an App Registration created and assigned the scopes you will use (Delegated Permissions). The ID of that App Registration is passed as the ClientId argument. In the example above, I am referencing some permissions from the Graph API to read the user profiles and groups.
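
Added example, not part of the original post: a check that the token returned for the App Registration carries exactly the delegated scopes you asked for and has not expired, before a script uses it. It assumes the access token is a JWT whose `scp` claim lists the granted scopes by short name; the function names and the sample token are constructed for illustration.

```powershell
# Decodes claims only; it does NOT validate the token signature.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {          # restore the padding base64url strips
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw 'Invalid base64url length.' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a three-part JWT.' }
    ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
}

function Test-TokenScopes {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string[]]$ExpectedScopes   # short names (assumption)
    )
    $claims  = Get-JwtClaims $Token
    $granted = @($claims.scp -split ' ' | Where-Object { $_ })
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience   = $claims.aud
        Granted    = $granted
        Missing    = @($ExpectedScopes | Where-Object { $_ -notin $granted })
        Unexpected = @($granted | Where-Object { $_ -notin $ExpectedScopes })
        Expired    = $expires -le [DateTimeOffset]::UtcNow
    }
}

# Constructed, unsigned sample token with fake values so the example runs offline.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$exp     = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
$payload = @{ aud = 'https://graph.microsoft.com'; scp = 'User.Read Group.Read.All'; exp = $exp } |
    ConvertTo-Json -Compress
$sample  = (ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'), (ConvertTo-Base64Url $payload), 'sig' -join '.'

# With a real token, pass $AccessToken from the script above instead of $sample.
Test-TokenScopes -Token $sample -ExpectedScopes 'User.Read', 'Group.Read.All'
```

An empty `Missing` list means every scope you expected was granted; entries under `Unexpected` show the App Registration hands out more than the script needs.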