M365DSC Certificate authentication fails with "does not have a private key" error

Shawn Goodwin 176 Reputation points
2024-11-12T15:57:57.06+00:00

I am deploying M365DSC infra for my org. I have followed the pre-requisites and installed and updated DSC on a stand-alone Azure VM. I intend to use certificate authentication and created the EntraID application using the Update-M365DSCAzureAdApplication cmdlet. I am a Global Admin and ran this command with my creds and permissions.

PS C:\Windows\System32> Update-M365DSCAzureAdApplication
>> -ApplicationName 'Microsoft365DSC' 
>> -AdminConsent
>> -Type Certificate
>> -CreateSelfSignedCertificate
>> -CertificatePath C:\temp\M365DSC.cer
>> -Permissions @(
>> @{Api='Graph';PermissionName='User.Read.All'},
>> @{Api='Graph';PermissionName='UserAuthenticationMethod.Read.All'},
>> ......lots of permissions.....
>> )

The certificate gets created and I installed the cert to the User Personal store. (I know the official instructions say to install the cert to the LocalMachine Personal store, but I was having connection problems and found that the Connect-MgGraph cmdlet only looks for certs in the User Personal store, so I installed the cert in both locations).

I connect using the following values:

$TenantId='mycompany.onmicrosoft.com'
$AppId='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'
$CertThumbprint='xxx....'  #cert thumprint copied from certificate entry in EntraID Application.

I am trying to connect with connect-mggraph -ApplicationId $AppId -CertificateThumbprint $CertThumbprint -TenantId $TenantId

Each time I try to connect, I get the following error; Connect-MgGraph: ClientCertificateCredential authentication failed: The certificate certificate does not have a private key.

By default, the self-signed cert created by the Update-M365DSCAzureAdApplication cmdlet does not have a private key. What am I doing wrong?

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,565 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Rich Matheisen 47,056 Reputation points
    2024-11-12T20:03:24.15+00:00

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.