Using AzureAD module requires an awkward workaround

For anyone else who may stumble on this. (Until they’ve finished correcting this.) The following finally got things working for me.

1. Setting the application to run as x64 bit: Function App> Configuration > General Settings > Platform > 64 Bit
2. Setting the app to run on Powershell 7 instead of 6 on this thread
3. Used: Import-Module AzureAD -UseWindowsPowerShell

Thanks all for the feedback. Took me a couple hours to get this working. 😔

Big thanks @AnatoliB!

EDITED: Import-Function replaced with Import-Module, as this was a typo.

@abigailbuckholdt I was able to connect to AzureAD via a Powershell Azure Function to get a list of users back. It wasn’t easy, but here are the steps:

As @maertendMSFT mentioned above, there is a secret “preview” AzureAD module available in Azure Cloud Shell today, that’s supported on x86 (since Azure Shell uses PowerShell Core). There’s no way to get the x64 version of AzureAD working on Azure Function, unless Microsoft decides to support that architecture in Azure Function. Thus, we’re going to be waiting until this secret preview module is available for use in Azure Function etc, which obviously will take a lot of time. I decided to get this module out of the Cloud Shell, and import it as a standard module in my function, which is supported today in Azure Function (provided the module works on PowerShell Core of course)

Step 1: Getting that Preview PowerShell module out of Cloud Shell To do this, I first initiated a Cloud Shell instance, which in turn created a File Share. By running the two powershell commands in the screenshot below, you’re able to copy the entire Module Folder from the machine hosting Cloud Shell, and see it in the File Share.

Then, I used Storage Explorer to download it to my local:

Which looked like this:

Step 2: Getting the module uploaded to Azure Function, and getting it to work This part was really, really difficult. The thing is, I’m trying to use a Service Account to automate the task of Connect to Azure AD. But, Connect-AzureAD does not support connecting to a Service Account by using the ClientID and AppKey. You need to use a self-signed Cert and pass in the thumbprint.

This works fine and dandy on my local, but this cert based authentication feature is not supported in this Preview AzureAD (you can try it on Azure Cloud Shell, it’s going to return a .NETCORE error):

So - we now have the preview module that’ll work on Azure Function…but it doesn’t support Cert based authentication with service principals (i.e. it’s useless, since the only reason I’m building the function is to automate stuff)

So, I did a lot of digging around, and am basically doing the following to get this to work:

1. First, using Visual Studio Code, create a “Modules” folder in the root of your function directory and paste the Preview Module in:

When you deploy to the function with VSCode, this whole folder will get uploaded to the machine hosting the Azure Function.

1. To get around the limitation with the cert based authentication limitation I mentioned, what I did in run.ps1 was:

• Sign into Az module (which is available OOTB in the Azure Function)
• Extract the context token from the machine’s cache
• Pass the token into Connect-AzureAD, at which point I’m able to connect to my Azure AD tenant and get a list of users

Here are all the steps in a screenshot:

Now when I use a REST Client (I use Insomnia) to make a call to the function, I’m getting the first user in my Tenant back, via the AzureAD module:

Hope this helps! Judging by all the technical hurdles Microsoft is going to have to have to overcome (specially supporting the Cert based authentication on an unsupported .NET Core platform), I’m willing to bet it’ll be some time before we see this AzureAD module functionality supported out of the box. None of this would be an issue if instead of Powershell Core, the regular 64-bit version was supported in Azure Function though…