Add-VBOAzureServiceAccount

Short Description

Creates Microsoft Azure service accounts that are required to use the Azure archiver appliance when transferring backed-up data between different instances of Azure Blob Storage or to Azure Blob Storage Archive.

Syntax

This cmdlet provides parameter sets that allow you to:

Use an existing Azure AD application and authenticate to Microsoft 365 with an application certificate.

Add-VBOAzureServiceAccount -Region <VBOAzureRegionType> -TenantId <String> -ApplicationId <Guid> -ApplicationCertificatePath <String> [-ApplicationCertificatePassword <SecureString>] [-ConfigureApplication <SwitchParameter>] [-Description <String>] [-SubscriptionIds <String[]>] [<CommonParameters>]

Add-VBOAzureServiceAccount -Region <VBOAzureRegionType> -TenantId <String> -ApplicationName <String> -ApplicationCertificatePath <String> [-ApplicationCertificatePassword <SecureString>] [-Description <String>] [-SubscriptionIds <String[]>] [<CommonParameters>]

Use an existing Azure AD application and authenticate to Microsoft 365 with an application secret.

Add-VBOAzureServiceAccount -Region <VBOAzureRegionType> -TenantId <String> -ApplicationId <Guid> -ApplicationSecret <SecureString> [-ConfigureApplication <SwitchParameter>] [-Description <String>] [-SubscriptionIds <String[]>] [<CommonParameters>]

Detailed Description

This cmdlet creates the VBOAzureServiceAccount object. This object contains details of the Microsoft Azure service account that is required to use the Azure archiver appliance when transferring backed-up data between different instances of Azure Blob Storage or to Azure Blob Storage Archive.

Parameters

Parameter	Description	Type	Required	Position	Accept Pipeline Input	Accept Wildcard Characters
Region	Specifies a Microsoft Azure region. You can select the following types of region: Global Germany China Government	VBOAzureRegionType	True	Named	False	False
ApplicationName	Specifies a name of a new Azure AD application. The cmdlet will register an Azure AD application with this name in Azure Active Directory.	String	True	Named	False	False
ApplicationId	Specifies an Azure AD application ID. The cmdlet will use this application ID to set up a secure connection to Microsoft 365 organization.	Guid	True	Named	False	False
ApplicationCertificatePassword	Specifies the certificate password. The cmdlet will use this password to confirm the certificate that you want to import to an Azure AD application.	SecureString	False	Named	False	False
ApplicationCertificatePath	Specifies a path to the folder where the certificate is located. The cmdlet will import the certificate that is located in this path to set up a secure connection to Microsoft 365 organization.	String	True	Named	False	False
ApplicationSecret	Specifies an application secret. The cmdlet will use an application secret to set up a secure connection to Microsoft 365 organization.	SecureString	True	Named	False	False
TenantId	Specifies an ID of the Microsoft 365 organization in Microsoft Azure.	String	True	Named	False	False
ConfigureApplication	Defines that the cmdlet will configure settings of an existing Azure AD application: grant the required permissions and register the specified certificate in Azure Active Directory.	SwitchParameter	False	Named	False	False
Description	Specifies a description of Microsoft Azure service account. The default description contains information on the user who created the Microsoft Azure service account, date and time when the Microsoft Azure service account was created.	String	False	Named	False	False
SubscriptionIds	Specifies an array of subscriptions associated with a user account that was used to sign in to Microsoft Azure.	String[]	False	Named	False	False

This cmdlet supports Microsoft PowerShell common parameters. For more information on common parameters, see the About CommonParameters section of Microsoft Docs.

Output Object

The cmdlet returns the VBOAzureServiceAccount object that contains Microsoft Azure service account details.

Examples

Add-VBOAzureServiceAccount Example 1. Creating Microsoft Azure Service Account Through Registering New Azure AD Application

This example shows how to create a Microsoft Azure service account through registering a new Azure AD application. The cmdlet will add the application to the Azure Active Directory, grant the required permissions and register the specified certificate.

$securepassword = Read-Host "Enter your password" -AsSecureString

Enter your password: **********

Add-VBOAzureServiceAccount -Region Global -ApplicationName "Archiver Appliance App" -ApplicationCertificatePath "C:\certificate\cert.pfx" -ApplicationCertificatePassword $securepassword -SubscriptionIds "l8e5ac3d-d883-4dd8-8de3-a8f315fb6ae2","06b7354e-518f-4a10-b4c1-98f49d743012"

WARNING: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DRW34WGBN to authenticate.

Perform the following steps:

Run the Read-Host cmdlet. Specify the message that the console will display as a prompt. Provide the AsSecureString parameter. Save the result to the $securepassword variable.
Enter the password.
Run the Add-VBOAzureServiceAccount cmdlet. Specify the following settings:

Specify the Region parameter value.
Specify the ApplicationName parameter value.
Specify the ApplicationCertificatePath parameter value.
Set the $securepassword variable as the ApplicationCertificatePassword parameter value.
Specify the SubscriptionIds parameter value.

To set up a secure connection to a Microsoft organization, open the https://microsoft.com/devicelogin link in a browser and enter the code that you get in the PowerShell Console to authenticate to the Microsoft 365 server.

Add-VBOAzureServiceAccount Example 2. Creating Microsoft Azure Service Account Through Using Existing Azure AD Application with Application Certificate

This example shows how to create a Microsoft Azure service account through using the existing Azure AD application and authenticate to Microsoft 365 with an application certificate, grant the required permissions to Azure AD application and register the specified certificate in Azure Active Directory.

$securepassword = Read-Host "Enter your password" -AsSecureString

Enter your password: **********

Add-VBOAzureServiceAccount -Region Global -TenantId "721185d3-7da3-41e0-9452-31342a27c9d1" -ApplicationId dde4daf4-44ff-44a4-9559-53ccc65c500a -ApplicationCertificatePath "C:\certificate\cert.pfx" -ApplicationCertificatePassword $securepassword -ConfigureApplication -SubscriptionIds "l8e5ac3d-d883-4dd8-8de3-a8f315fb6ae2","06b7354e-518f-4a10-b4c1-98f49d743012"

Perform the following steps:

Run the Read-Host cmdlet. Specify the message that the console will display as a prompt. Provide the AsSecureString parameter. Save the result to the $securepassword variable.
Enter the password.
Run the Add-VBOAzureServiceAccount cmdlet. Specify the following settings:

Specify the Region parameter value.
Specify the TenantId parameter value.
Specify the ApplicationId parameter value.
Specify the ApplicationCertificatePath parameter value.
Set the $securepassword variable as the ApplicationCertificatePassword parameter value.
Provide the ConfigureApplication parameter.
Specify the SubscriptionIds parameter value.

Add-VBOAzureServiceAccount Example 3. Creating Microsoft Azure Service Account Through Using Existing Azure AD Application with Application Secret

This example shows how to create a Microsoft Azure service account through using the existing Azure AD application and authenticate to Microsoft 365 with an application secret, grant the required permissions to Azure AD application and register the application certificate in Azure Active Directory.

$applicationSecret = ConvertTo-SecureString -String "fCblKbIf+kY10+uB+rROD+wZPT/WxcDNX+EU2O33Q1s=" -AsPlainText -Force

Add-VBOAzureServiceAccount -Region Global -TenantId "721185d3-7da3-41e0-9452-31342a27c9d1" -ApplicationId dde4daf4-44ff-44a4-9559-53ccc65c500a -ApplicationSecret $applicationSecret -ConfigureApplication -SubscriptionIds "l8e5ac3d-d883-4dd8-8de3-a8f315fb6ae2","06b7354e-518f-4a10-b4c1-98f49d743012"

Perform the following steps:

Run the ConvertTo-SecureString cmdlet to convert the plain text to the secure string. Specify the String parameter value. Provide the AsPlainText parameter to turn the plain text to the secure string. Provide the Force parameter. Save the result to the $applicationSecret variable.
Run the Add-VBOAzureServiceAccount cmdlet. Specify the following settings:

Specify the Region parameter value.
Specify the TenantId parameter value.
Specify the ApplicationId parameter value.

Set the $applicationSecret variable as ApplicationSecret parameter value.

Provide the ConfigureApplication parameter.
Specify the SubscriptionIds parameter value.

Related Commands