Using Microsoft Entra service principal to run PowerShell script on Azure SQL Database

ByChristian Frohn April 17, 2022November 2, 2025

Microsoft Entra service principals (or App regs.) is nice secure way to connect to Azure SQL Database and then perform queries using PowerShell. This is an ideal alternative to using a local Service Account. The upside to this is that you can authenticate with a secret or with a certificate that you create for yourself or the machine you are running your script(s) from.

Creating and setting up the Azure service principal

You need the Application Administrator role in Microsoft Entra ID to be able to create the service principal and the PowerShell module
Create an Azure app identity (PowerShell)

Creating and setting up the Microsoft Entra service principal – Using the GUI
Create an Azure AD app and service principal in the portal

Once the service principal been created, you dont need to assign API permissions to it. The next step is to add the service principal as user on the Azure SQL Database.

Access the SQL server using SQL Server Management Studio with a Microsoft Entra ID user account and open up a query on the database you wish service principal has access to and run the following query:

Now the Microsoft Entra service principal has owner access to the database of your choosing, you can change the permissions as you see fit.

Before you can access the database you need to create a secret for the Microsoft Entra service principal. You can do that by accessing your Azure App reg. using the Microsoft Entra ID Portal. When you have located your App reg. under “App registrations” navigate to the menu “Certificates & secrets” and then click on “New client secret” and type in a description for the secret. When you are done, click on “add” and copy value to notepad. You will not be able to see the secret again after you leave the page.

Now that we have a client secret the last two things we need is the “Client ID” & “Tenant ID”, both can be found on the App reg. page when you select “Overview”. Now we are ready to use PowerShell

In order for you to access the database using PowerShell and the Microsoft Entra service principal, you need the following code in PowerShell:

Copy the code from above to PowerShell ISE or Visual Studio Code (dealers’ choice) and then fill out the variables with the information we have gathered above and the information of your Azure SQL Database server and database.

Post Views: 2,955

Microsoft Entra

Getting started with API-driven Inbound User Provisioning to On-Premises AD
ByChristian Frohn April 10, 2024July 23, 2025

API-driven Inbound User Provisioning to On-Premises AD is a feature that I personally have been really excited about for quite some time. I started working with it when it was in public preview around June 2023 and it went to General Availability in early 2024.API-driven Inbound User Provisioning is streamlined way of managing users in…

Read More Getting started with API-driven Inbound User Provisioning to On-Premises AD
Microsoft Entra | Sentinel

Using Entra ID Governance and Sentinel to assure user alignment with HR data
ByChristian Frohn July 24, 2024September 15, 2025

Have you ever asked yourself this question after setting up Microsoft Entra ID Lifecycle Workflows and API-driven user provisioning: “What happens if one of my colleagues changes a user attribute in Active Directory (AD), will Entra ID Governance correct it?” The answer to this question is: “No, it won’t”. Or like an IT consultant would…

Read More Using Entra ID Governance and Sentinel to assure user alignment with HR data
Microsoft Entra | PowerShell

Bulk creating Global Secure Access Enterprise applications using PowerShell
ByChristian Frohn February 20, 2025October 28, 2025

In this blog post, I want to share with you how to bulk create Global Secure Access (GSA) Enterprise applications using PowerShell. The need for this arose when I was tasked with creating all the servers in Microsoft Global Secure Acces to be used to control RDP to servers. This was one of those repetitive…

Read More Bulk creating Global Secure Access Enterprise applications using PowerShell
Microsoft Entra

How to run PowerShell scripts in Entra ID Governance Lifecycle Workflows
ByChristian Frohn June 6, 2024July 23, 2025

In this blog post I want to share with you how to run PowerShell scripts in an Entra ID Governance Lifecycle Workflows. In my blog post about creating onboarding Lifecycle Workflows I wrote about how you could use Lifecycle Workflows in Entra ID Governance to add a new user to selected security groups and selected…

Read More How to run PowerShell scripts in Entra ID Governance Lifecycle Workflows
Teams

Set or change a Teams users call forwarding settings with PowerShell
ByChristian Frohn April 17, 2022June 22, 2024

So, as the title says, its now possible to manage a user in your Team tenants call forwarding settings. This is a feature that has been missed by many UC administrator since Teams replaced Skype for Business. But now it’s finally here – Sort of, the features is in preview. The features was release with…

Read More Set or change a Teams users call forwarding settings with PowerShell
Microsoft Entra

Create onboarding Lifecycle Workflows using Microsoft Entra ID Governance
ByChristian Frohn May 24, 2024May 24, 2024

Onboarding of users is something that should not be taken lightly as it’s a first impressions matter as lot and it says a great deal about an IT department for new users when the start that they have everything need to get started for the job they were hired to do. There are of course…

Read More Create onboarding Lifecycle Workflows using Microsoft Entra ID Governance

Creating and setting up the Azure service principal

Similar Posts