Add-VBOAzureServiceAccount

Short Description

Creates Microsoft Azure service accounts that are required to use the Azure archiver appliance when transferring backed-up data from Azure Blob storage to Azure Archive storage.

Syntax

This cmdlet provides parameter sets that allow you to:

  • Use an existing Azure AD application and authenticate to Microsoft 365 with an application certificate.

Add-VBOAzureServiceAccount -Region <VBOAzureRegionType> -TenantId <string> -ApplicationId <guid>  -ApplicationCertificatePath <string> [-ApplicationCertificatePassword <securestring>] [-ConfigureApplication <switchparameter>] [-Description <string>] [-SubscriptionIds <string[]>] [<CommonParameters>]

  • Register a new Azure AD application in Azure Active Directory.

Add-VBOAzureServiceAccount -Region <VBOAzureRegionType> -TenantId <string> -ApplicationName <string> -ApplicationCertificatePath <string> [-ApplicationCertificatePassword <securestring>] [-Description <string>] [-SubscriptionIds <string[]>] [<CommonParameters>]

  • Use an existing Azure AD application and authenticate to Microsoft 365 with an application secret.

Add-VBOAzureServiceAccount -Region <VBOAzureRegionType> -TenantId <string> -ApplicationId <guid> -ApplicationSecret <securestring> [-ConfigureApplication <switchparameter>] [-Description <string>] [-SubscriptionIds <string[]>] [<CommonParameters>]

Detailed Description

This cmdlet creates the VBOAzureServiceAccount object. This object contains details of the Microsoft Azure service account that is required to use the Azure archiver appliance when transferring backed-up data from Azure Blob storage to Azure Archive storage.

Parameters

Parameter

Description

Type

Required

Position

Accept Pipeline Input

Accept Wildcard Characters

Region

Specifies a Microsoft Azure region. You can select the following types of region:

  • Global
  • Germany
  • China
  • Government

VBOAzureRegionType

True

Named

False

False

ApplicationName

Specifies a name of a new Azure AD application. The cmdlet will register an Azure AD application with this name in Azure Active Directory.

String

True

Named

False

False

ApplicationId

Specifies an Azure AD application ID. The cmdlet will use this application ID to set up a secure connection to Microsoft 365 organization.

Guid

True

Named

False

False

ApplicationCertificatePassword

Specifies the certificate password. The cmdlet will use this password to confirm the certificate that you want to import to an Azure AD application.

SecureString

False

Named

False

False

ApplicationCertificatePath

Specifies a path to the folder where the certificate is located. The cmdlet will import the certificate that is located in this path to set up a secure connection to Microsoft 365 organization.

String

True

Named

False

False

ApplicationSecret

Specifies an application secret. The cmdlet will use an application secret to set up a secure connection to Microsoft 365 organization.

SecureString

True

Named

False

False

TenantId

Specifies the Microsoft 365 organization ID in Microsoft Azure.

String

True

Named

False

False

ConfigureApplication

Defines that the cmdlet will configure settings of an existing Azure AD application: grant the required permissions and register the specified certificate in Azure Active Directory.

SwitchParameter

False

Named

False

False

Description

Specifies a description of Microsoft Azure service account.

The default description contains information on the user who created the Microsoft Azure service account, date and time when the Microsoft Azure service account was created.

String

False

Named

False

False

SubscriptionIds

Specifies an array of subscriptions associated with a user account that was used to sign in to Microsoft Azure.

String[]

False

Named

False

False

<CommonParameters>

This cmdlet supports Microsoft PowerShell common parameters. For more information on common parameters, see the About CommonParameters section of Microsoft Docs.

Output Object

The cmdlet returns the VBOAzureServiceAccount object that contains Microsoft Azure service account details.

Examples

Add-VBOAzureServiceAccountExample 1. Creating Microsoft Azure Service Account Through Registering New Azure AD Application

This example shows how to create a Microsoft Azure service account through registering a new Azure AD application. The cmdlet will add the application to the Azure Active Directory, grant the required permissions and register the specified certificate.

$securepassword = Read-Host "Enter your password" -AsSecureString

Enter your password: **********

Add-VBOAzureServiceAccount -Region Global -ApplicationName "Archiver Appliance App" -ApplicationCertificatePath "C:\certificate\cert.pfx" -ApplicationCertificatePassword $securepassword -SubscriptionIds "l8e5ac3d-d883-4dd8-8de3-a8f315fb6ae2","06b7354e-518f-4a10-b4c1-98f49d743012"

WARNING: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DRW34WGBN to authenticate.

Perform the following steps:

  1. Run the Read-Host cmdlet. Specify the message that the console will display as a prompt. Provide the AsSecureString parameter. Save the result to the $securepassword variable.
  2. Enter the password.
  3. Run the Add-VBOAzureServiceAccount cmdlet. Specify the following settings:
  • Specify the Region parameter value.
  • Specify the ApplicationName parameter value.
  • Specify the ApplicationCertificatePath parameter value.
  • Set the $securepassword variable as the ApplicationCertificatePassword parameter value.
  • Specify the SubscriptionIds parameter value.
  1. To set up a secure connection to a Microsoft organization, open the https://microsoft.com/devicelogin link in a browser and enter the code that you get in the PowerShell Console to authenticate to the Microsoft 365 server.

Add-VBOAzureServiceAccountExample 2. Creating Microsoft Azure Service Account Through Using Existing Azure AD Application with Application Certificate

This example shows how to create a Microsoft Azure service account through using the existing Azure AD application and authenticate to Microsoft 365 with an application certificate, grant the required permissions to Azure AD application and register the specified certificate in Azure Active Directory.

$securepassword = Read-Host "Enter your password" -AsSecureString

Enter your password: **********

Add-VBOAzureServiceAccount -Region Global -TenantId "721185d3-7da3-41e0-9452-31342a27c9d1" -ApplicationId dde4daf4-44ff-44a4-9559-53ccc65c500a -ApplicationCertificatePath "C:\certificate\cert.pfx" -ApplicationCertificatePassword $securepassword -ConfigureApplication -SubscriptionIds "l8e5ac3d-d883-4dd8-8de3-a8f315fb6ae2","06b7354e-518f-4a10-b4c1-98f49d743012"

Perform the following steps:

  1. Run the Read-Host cmdlet. Specify the message that the console will display as a prompt. Provide the AsSecureString parameter. Save the result to the $securepassword variable.
  2. Enter the password.
  3. Run the Add-VBOAzureServiceAccount cmdlet. Specify the following settings:
  • Specify the Region parameter value.
  • Specify the TenantId parameter value.
  • Specify the ApplicationId parameter value.
  • Specify the ApplicationCertificatePath parameter value.
  • Set the $securepassword variable as the ApplicationCertificatePassword parameter value.
  • Provide the ConfigureApplication parameter.
  • Specify the SubscriptionIds parameter value.

Add-VBOAzureServiceAccountExample 3. Creating Microsoft Azure Service Account Through Using Existing Azure AD Application with Application Secret

This example shows how to create a Microsoft Azure service account through using the existing Azure AD application and authenticate to Microsoft 365 with an application secret, grant the required permissions to Azure AD application and register the application certificate in Azure Active Directory.

$applicationSecret = ConvertTo-SecureString -String "fCblKbIf+kY10+uB+rROD+wZPT/WxcDNX+EU2O33Q1s=" -AsPlainText -Force

Add-VBOAzureServiceAccount -Region Global -TenantId "721185d3-7da3-41e0-9452-31342a27c9d1" -ApplicationId dde4daf4-44ff-44a4-9559-53ccc65c500a -ApplicationSecret $applicationSecret -ConfigureApplication -SubscriptionIds "l8e5ac3d-d883-4dd8-8de3-a8f315fb6ae2","06b7354e-518f-4a10-b4c1-98f49d743012"

Perform the following steps:

  1. Run the ConvertTo-SecureString cmdlet to convert the plain text to the secure string. Specify the String parameter value. Provide the AsPlainText parameter to turn the plain text to the secure string. Provide the Force parameter. Save the result to the $applicationSecret variable.
  2. Run the Add-VBOAzureServiceAccount cmdlet. Specify the following settings:
  • Specify the Region parameter value.
  • Specify the TenantId parameter value.
  • Specify the ApplicationId parameter value.
  • Set the $applicationSecret variable as ApplicationSecret parameter value.
  • Provide the ConfigureApplication parameter.
  • Specify the SubscriptionIds parameter value.

Related Commands