Create an Azure Arc Service Principal with longer expiration date using PowerShell
When you are onboarding Azure Arc enabled servers or Azure Arc enabled Kubernetes clusters at scale, you want to use service principals for automated authentication during the onboarding process for Azure Arc resources. Microsoft provides an option in the Azure portal to create that service principal. When you use it, you can set an expiration date for the service principal, which is great because you don't want it to be available forever, even though you can only onboard machines with it. In this blog post we are going to have a look at how you can create an Azure Arc Service Principal with a longer expiration date using Azure PowerShell.
For some customers, a one-month expiration time for a service principal to onboard Azure Arc enabled servers or Kubernetes clusters might be a little short.
To create a service principal to onboard an Azure Arc enabled server or Kubernetes cluster resource, you can use Azure PowerShell with the following commands:
```powershell
# Set how many days the password will be valid for
$startDate = Get-Date
$endDate = $startDate.AddDays(90)

# Create a new service principal
$arcServiceprincipalName = "tm-arcserveronboarding-pwsh-sp"
New-AzADServicePrincipal -DisplayName $arcServiceprincipalName -Role "Azure Connected Machine Onboarding" -StartDate $startDate -EndDate $endDate
```
This will create a service principal to onboard servers for 90 days. In my case I used Azure PowerShell running inside Azure Cloud Shell.
Now if you check the expiration date, you can see it is 90 days.
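The expiration check can also be scripted, which helps when several onboarding service principals exist and you want to spot secrets that are expired, about to expire, or valid for longer than intended. The following is an added example, not code from the original post: the function name, the 90-day ceiling, the 14-day warning window and the sample records are assumptions, and the commented usage assumes the `Get-AzADSpCredential` output exposes `KeyId`, `StartDateTime` and `EndDateTime` in UTC.

```powershell
# Added example: classify service principal secrets by total and remaining lifetime.
function Get-SecretLifetimeStatus {
    [CmdletBinding()]
    param(
        # Any object exposing KeyId, StartDateTime and EndDateTime
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Credential,
        [int] $MaxLifetimeDays = 90,   # assumed policy ceiling (the 90 days used above)
        [int] $WarnDays = 14,          # assumed warning window before expiry
        [datetime] $Now = [datetime]::UtcNow
    )
    process {
        $start = ([datetime]$Credential.StartDateTime).ToUniversalTime()
        $end   = ([datetime]$Credential.EndDateTime).ToUniversalTime()
        $lifetime  = [math]::Round(($end - $start).TotalDays, 1)
        $remaining = [math]::Round(($end - $Now).TotalDays, 1)

        # Order matters: an expired secret is reported as expired even if it was long-lived.
        $status = if ($end -le $Now) { 'Expired' }
                  elseif ($lifetime -gt $MaxLifetimeDays) { 'LifetimeTooLong' }
                  elseif ($remaining -le $WarnDays) { 'ExpiringSoon' }
                  else { 'OK' }

        [pscustomobject]@{
            KeyId         = $Credential.KeyId
            LifetimeDays  = $lifetime
            DaysRemaining = $remaining
            Status        = $status
        }
    }
}

# Constructed sample records (not real credentials) so the function runs offline.
$now = [datetime]::UtcNow
$sample = @(
    [pscustomobject]@{ KeyId = 'sample-90-day';   StartDateTime = $now.AddDays(-10);  EndDateTime = $now.AddDays(80) }
    [pscustomobject]@{ KeyId = 'sample-one-year'; StartDateTime = $now.AddDays(-30);  EndDateTime = $now.AddDays(335) }
    [pscustomobject]@{ KeyId = 'sample-expiring'; StartDateTime = $now.AddDays(-85);  EndDateTime = $now.AddDays(5) }
    [pscustomobject]@{ KeyId = 'sample-expired';  StartDateTime = $now.AddDays(-120); EndDateTime = $now.AddDays(-30) }
)
$sample | Get-SecretLifetimeStatus -Now $now | Format-Table -AutoSize

# Against Azure, for the service principal created above (requires Az.Resources and a signed-in session):
# $sp = Get-AzADServicePrincipal -DisplayName 'tm-arcserveronboarding-pwsh-sp'
# Get-AzADSpCredential -ObjectId $sp.Id | Get-SecretLifetimeStatus
```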
I hope this blog post was helpful in showing you how you can create an Azure Arc Service Principal with a longer expiration date using PowerShell. If you want to learn more about onboarding Azure Arc enabled servers at scale, check out the following Microsoft Docs article: Connect hybrid machines to Azure at scale. If you have any questions, feel free to leave a comment below.