Add-VBOAzureServiceAccount

In this article

    Short Description

    Creates Microsoft Azure service accounts that are required to use the Azure archiver appliance when transferring backed-up data from Azure Blob storage to Azure Archive storage.

    Syntax

    This cmdlet provides parameter sets that allow you to:

    • Use an existing Azure AD application and authenticate to Microsoft 365 with an application certificate.

    Add-VBOAzureServiceAccount -Region <VBOAzureRegionType> -TenantId <string> -ApplicationId <guid>  -ApplicationCertificatePath <string> [-ApplicationCertificatePassword <securestring>] [-ConfigureApplication <switchparameter>] [-Description <string>] [-SubscriptionIds <string[]>] [<CommonParameters>]

    • Register a new Azure AD application in Azure Active Directory.

    Add-VBOAzureServiceAccount -Region <VBOAzureRegionType> -TenantId <string> -ApplicationName <string> -ApplicationCertificatePath <string> [-ApplicationCertificatePassword <securestring>] [-Description <string>] [-SubscriptionIds <string[]>] [<CommonParameters>]

    • Use an existing Azure AD application and authenticate to Microsoft 365 with an application secret.

    Add-VBOAzureServiceAccount -Region <VBOAzureRegionType> -TenantId <string> -ApplicationId <guid> -ApplicationSecret <securestring> [-ConfigureApplication <switchparameter>] [-Description <string>] [-SubscriptionIds <string[]>] [<CommonParameters>]

    Detailed Description

    This cmdlet creates the VBOAzureServiceAccount object. This object contains details of the Microsoft Azure service account that is required to use the Azure archiver appliance when transferring backed-up data from Azure Blob storage to Azure Archive storage.

    Parameters

    Parameter

    Description

    Type

    Required

    Position

    Accept Pipeline Input

    Accept Wildcard Characters

    Region

    Specifies a Microsoft Azure region. You can select the following types of region:

    • Global
    • Germany
    • China
    • Government

    VBOAzureRegionType

    True

    Named

    False

    False

    ApplicationName

    Specifies a name of a new Azure AD application. The cmdlet will register an Azure AD application with this name in Azure Active Directory.

    String

    True

    Named

    False

    False

    ApplicationId

    Specifies an Azure AD application ID. The cmdlet will use this application ID to set up a secure connection to Microsoft 365 organization.

    Guid

    True

    Named

    False

    False

    ApplicationCertificatePassword

    Specifies the certificate password. The cmdlet will use this password to confirm the certificate that you want to import to an Azure AD application.

    SecureString

    False

    Named

    False

    False

    ApplicationCertificatePath

    Specifies a path to the folder where the certificate is located. The cmdlet will import the certificate that is located in this path to set up a secure connection to Microsoft 365 organization.

    String

    True

    Named

    False

    False

    ApplicationSecret

    Specifies an application secret. The cmdlet will use an application secret to set up a secure connection to Microsoft 365 organization.

    SecureString

    True

    Named

    False

    False

    TenantId

    Specifies the Microsoft 365 organization ID in Microsoft Azure.

    String

    True

    Named

    False

    False

    ConfigureApplication

    Defines that the cmdlet will configure settings of an existing Azure AD application: grant the required permissions and register the specified certificate in Azure Active Directory.

    SwitchParameter

    False

    Named

    False

    False

    Description

    Specifies a description of Microsoft Azure service account.

    The default description contains information on the user who created the Microsoft Azure service account, date and time when the Microsoft Azure service account was created.

    String

    False

    Named

    False

    False

    SubscriptionIds

    Specifies an array of subscriptions associated with a user account that was used to sign in to Microsoft Azure.

    String[]

    False

    Named

    False

    False

    <CommonParameters>

    This cmdlet supports Microsoft PowerShell common parameters. For more information on common parameters, see the About CommonParameters section of Microsoft Docs.

    Output Object

    The cmdlet returns the VBOAzureServiceAccount object that contains Microsoft Azure service account details.

    Examples

    Add-VBOAzureServiceAccountExample 1. Creating Microsoft Azure Service Account Through Registering New Azure AD Application

    This example shows how to create a Microsoft Azure service account through registering a new Azure AD application. The cmdlet will add the application to the Azure Active Directory, grant the required permissions and register the specified certificate.

    $securepassword = Read-Host "Enter your password" -AsSecureString

    Enter your password: **********

    Add-VBOAzureServiceAccount -Region Global -ApplicationName "Archiver Appliance App" -ApplicationCertificatePath "C:\certificate\cert.pfx" -ApplicationCertificatePassword $securepassword -SubscriptionIds "l8e5ac3d-d883-4dd8-8de3-a8f315fb6ae2","06b7354e-518f-4a10-b4c1-98f49d743012"

    WARNING: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DRW34WGBN to authenticate.

    Perform the following steps:

    1. Run the Read-Host cmdlet. Specify the message that the console will display as a prompt. Provide the AsSecureString parameter. Save the result to the $securepassword variable.
    2. Enter the password.
    3. Run the Add-VBOAzureServiceAccount cmdlet. Specify the following settings:
    • Specify the Region parameter value.
    • Specify the ApplicationName parameter value.
    • Specify the ApplicationCertificatePath parameter value.
    • Set the $securepassword variable as the ApplicationCertificatePassword parameter value.
    • Specify the SubscriptionIds parameter value.
    1. To set up a secure connection to a Microsoft organization, open the https://microsoft.com/devicelogin link in a browser and enter the code that you get in the PowerShell Console to authenticate to the Microsoft 365 server.

    Add-VBOAzureServiceAccountExample 2. Creating Microsoft Azure Service Account Through Using Existing Azure AD Application with Application Certificate

    This example shows how to create a Microsoft Azure service account through using the existing Azure AD application and authenticate to Microsoft 365 with an application certificate, grant the required permissions to Azure AD application and register the specified certificate in Azure Active Directory.

    $securepassword = Read-Host "Enter your password" -AsSecureString

    Enter your password: **********

    Add-VBOAzureServiceAccount -Region Global -TenantId "721185d3-7da3-41e0-9452-31342a27c9d1" -ApplicationId dde4daf4-44ff-44a4-9559-53ccc65c500a -ApplicationCertificatePath "C:\certificate\cert.pfx" -ApplicationCertificatePassword $securepassword -ConfigureApplication -SubscriptionIds "l8e5ac3d-d883-4dd8-8de3-a8f315fb6ae2","06b7354e-518f-4a10-b4c1-98f49d743012"

    Perform the following steps:

    1. Run the Read-Host cmdlet. Specify the message that the console will display as a prompt. Provide the AsSecureString parameter. Save the result to the $securepassword variable.
    2. Enter the password.
    3. Run the Add-VBOAzureServiceAccount cmdlet. Specify the following settings:
    • Specify the Region parameter value.
    • Specify the TenantId parameter value.
    • Specify the ApplicationId parameter value.
    • Specify the ApplicationCertificatePath parameter value.
    • Set the $securepassword variable as the ApplicationCertificatePassword parameter value.
    • Provide the ConfigureApplication parameter.
    • Specify the SubscriptionIds parameter value.

    Add-VBOAzureServiceAccountExample 3. Creating Microsoft Azure Service Account Through Using Existing Azure AD Application with Application Secret

    This example shows how to create a Microsoft Azure service account through using the existing Azure AD application and authenticate to Microsoft 365 with an application secret, grant the required permissions to Azure AD application and register the application certificate in Azure Active Directory.

    $applicationSecret = ConvertTo-SecureString -String "fCblKbIf+kY10+uB+rROD+wZPT/WxcDNX+EU2O33Q1s=" -AsPlainText -Force

    Add-VBOAzureServiceAccount -Region Global -TenantId "721185d3-7da3-41e0-9452-31342a27c9d1" -ApplicationId dde4daf4-44ff-44a4-9559-53ccc65c500a -ApplicationSecret $applicationSecret -ConfigureApplication -SubscriptionIds "l8e5ac3d-d883-4dd8-8de3-a8f315fb6ae2","06b7354e-518f-4a10-b4c1-98f49d743012"

    Perform the following steps:

    1. Run the ConvertTo-SecureString cmdlet to convert the plain text to the secure string. Specify the String parameter value. Provide the AsPlainText parameter to turn the plain text to the secure string. Provide the Force parameter. Save the result to the $applicationSecret variable.
    2. Run the Add-VBOAzureServiceAccount cmdlet. Specify the following settings:
    • Specify the Region parameter value.
    • Specify the TenantId parameter value.
    • Specify the ApplicationId parameter value.
    • Set the $applicationSecret variable as ApplicationSecret parameter value.
    • Provide the ConfigureApplication parameter.
    • Specify the SubscriptionIds parameter value.

    Related Commands