{"id":1578,"date":"2026-03-12T13:34:03","date_gmt":"2026-03-12T11:34:03","guid":{"rendered":"https:\/\/www.flip-design.de\/?p=1578"},"modified":"2026-03-12T13:34:03","modified_gmt":"2026-03-12T11:34:03","slug":"how-to-set-up-an-azure-app-registration-for-power-bi-and-why-you-should-use-it","status":"publish","type":"post","link":"https:\/\/www.flip-design.de\/?p=1578","title":{"rendered":"How to set up an Azure App Registration for Power BI \u2013 and why you should use it"},"content":{"rendered":"\n

I would like to continue this series of articles (https:\/\/www.flip-design.de\/?p=1563<\/a>). In my opinion, interactive authentication within PowerShell cmdlets is not suitable for automated processes such as CI\/CD pipelines. Instead, automated authentication without user interaction is required.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Therefore, it is advisable to create an Azure application that can authenticate automatically and has the necessary permissions within Power BI. In this article, I will demonstrate how to create such an application.<\/p>\n\n\n\n

The application is created within Azure:<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

After it has been created, it can be assigned as an admin within the workspace in Power BI.<\/p>\n\n\n\n

In order for these service principals to be used at all, this feature must be enabled in the Admin portal.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n
\"\"<\/a><\/figure>\n\n\n\n

Of course, you also have the option to include these accounts in groups and restrict their use to Power BI only. In my opinion, this is very necessary and highly recommended.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

The Admin<\/strong> permission is usually required if this application is intended to perform administrative tasks.<\/p>\n\n\n\n

After that, the application needs a secret<\/strong>, which is required for authentication. Since this secret expires regularly after the defined period, it must be renewed periodically. It is therefore recommended to simply create a calendar reminder for this 😉<\/p>\n\n\n\n

Permissions within the Azure application itself are not required for deployments or for updating parameters (see below).<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

It is important to copy the key after it has been generated, as it cannot be accessed again afterward.<\/p>\n\n\n\n

The following permissions should preferably be assigned to the application. Although this is not strictly required, they may be needed later on. It is important to perform a consent afterward.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

This can now be used within PowerShell:<\/p>\n\n\n\n

# Parameters from your Azure App Registration\n$tenantId     = \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"\n$clientId     = \"yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy\"\n$clientSecret = \"YOUR_CLIENT_SECRET\"\n\n# Convert the client secret to a secure string\n$secureSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force\n\n# Create a credential object\n# Username = Client ID of the App Registration\n# Password = Client Secret\n$credential = New-Object System.Management.Automation.PSCredential($clientId, $secureSecret)\n\n# Authenticate to Power BI using the Service Principal\nConnect-PowerBIServiceAccount `\n    -ServicePrincipal `\n    -Tenant $tenantId `\n    -Credential $credential\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
I would like to continue this series of articles (https:\/\/www.flip-design.de\/?p=1563). In my opinion, interactive authentication within PowerShell cmdlets is not suitable for automated processes such as CI\/CD pipelines. Instead, automated authentication without user interaction is required. Therefore, it is advisable … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/posts\/1578"}],"collection":[{"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1578"}],"version-history":[{"count":1,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/posts\/1578\/revisions"}],"predecessor-version":[{"id":1586,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=\/wp\/v2\/posts\/1578\/revisions\/1586"}],"wp:attachment":[{"href":"https:\/\/www.flip-design.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1578"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1578"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.flip-design.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1578"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}