MSEndpointMgr / IntuneWin32App

Provides a set of functions to manage all aspects of Win32 apps in Microsoft Intune.
MIT License

Connect-MSIntuneGraph does not support roles assigned via privileged identity management #31

Closed DeusMaximus closed 1 year ago

DeusMaximus commented 2 years ago

When assigned the Intune Administrator role via privileged identity management in Azure AD, the Connect-MSIntuneGraph script does not recognise this granted access, and instead requests that someone with administrator rights logs in.

Boston-of-Gilead commented 2 years ago

Same issue.

I also use PIM, and cannot get in with that command. In C:\Program Files\WindowsPowerShell\Modules\IntuneWin32App\1.3.3\Public\Connect-MSIntuneGraph.ps1 there are more mandatory fields for that command than the documentation indicates (it only says to provide the TenantID). I'm guessing that's the problem.

When I try to run the command, I get this warning:

WARNING: An error occurred while attempting to retrieve or refresh access token. Error message: Cannot convert argument "builder", with value: "Microsoft.Identity.Client.PublicClientApplicationBuilder", for "WithDesktopFeatures" to type "Microsoft.Identity.Client.PublicClientApplicationBuilder": "Cannot convert the "Microsoft.Identity.Client.PublicClientApplicationBuilder" value of type "Microsoft.Identity.Client.PublicClientApplicationBuilder" to type "Microsoft.Identity.Client.PublicClientApplicationBuilder"."

However, the module won't process any other commands, and Get-PSSession shows no session exists. :(

NickolajA commented 2 years ago

That's odd because I use it daily with an account where PIM is "enabled" and roles are activated when needed. It feels more like an MSAL.PS issue than the code I've written, as it relies on that module for authentication. Is this still an issue?

Boston-of-Gilead commented 1 year ago

> That's odd because I use it daily with an account where PIM is "enabled" and roles are activated when needed. It feels more like an MSAL.PS issue than the code I've written, as it relies on that module for authentication. Is this still an issue?

It is, but my workaround is to run the module on a different machine that doesn't have the issue.