[FEATURE] Add support for Azure DevOps Federating identity authentication

[ztrhgf]

Is your feature request related to a problem? Please describe. I don't want to use service principal because of secret/certificate maintenance. Federating identity is just much more secure and maintainable.

Describe the solution you'd like Please option to authenticate using Azure DevOps federating identity as described here https://gotoguy.blog/2023/09/15/connect-to-microsoft-graph-in-azure-devops-pipelines-using-workload-identity-federation/

In general we need to be able to pass token that will be used like Connect-MgGraph -AccessToken $token

Thanks!

[almenscorner]

So what you really want to do here is pass the token as an argument during run time?

[ztrhgf]

Yes :) Instead of SP id and secret.

[almenscorner]

Added the option to pass a token in 2.3.0 beta4 and was able to use it like this

trigger:
- none

pool:
  vmImage: windows-latest

steps:
- task: AzureCLI@2
  displayName: 'Get Graph Token for Workload Federated Credential'
  inputs:
    azureSubscription: 'test'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: |
      $token = az account get-access-token --resource-type ms-graph
      $accessToken = ($token | ConvertFrom-Json).accessToken
      Write-Host "##vso[task.setvariable variable=secretToken;issecret=true]$accessToken"

- task: PowerShell@2
  displayName: 'Install IntuneCD'
  inputs:
    targetType: 'inline'
    script: |
      pip3 install IntuneCD==2.3.0b4

    pwsh: true

- task: PowerShell@2
  displayName: 'Run IntuneCD with token'
  inputs:
    targetType: 'inline'
    script: |
      IntuneCD-startbackup -t $(secretToken) -p $(Build.SourcesDirectory)

    pwsh: true

[ztrhgf]

Amazing! Will try it right now.

[ztrhgf]

Working like a charm!

[almenscorner]

Cool, I'll make it a part of 2.3.0!

[ztrhgf]

Looking forward to it, thanks again!

[ztrhgf]

Please update the docs too.

[almenscorner]

Docs updated