This issue is to add support for authenticating to ScubaGear's dependent PowerShell modules via a Managed Identity.
Motivation and context
There has been demand from users (including us) for running ScubaGear in an Azure Automation runbook.
Adding managed identity authentication support to ScubaGear would allow users to run ScubaGear via a runbook without currently having to do some workarounds.
Implementation notes
Notes as of 1/29/2024
[!Important]
There are only two PowerShell authentication cmdlets left that don't support managed identities: Power Platform (Add-PowerAppsAccount) and Defender (Connect-IPPSSession).
Currently only partial managed identity support can be implemented for ScubaGear by providing the following parameters to each of our other dependent PowerShell authentication cmdlets.
[!Note]
Looks like version 5.9.0 of the MicrosoftTeams module just added -Identity support for the -*Cs cmdlets. Only currently supports "commercial" tenants. Not sure if GCC is included in this usage of commercial.
Also investigate if other forms of managed identity (federation, etc.) would also work through this addition or if it would require additional changes.
Connect to MS Graph via System-Assigned Managed Identity
Connect to EXO PowerShell via System-Assigned Managed Identity
Connect to Microsoft Teams PowerShell using a managed service identity
Connecting to PnP PowerShell for unattended SharePoint auth with a managed identity
Acceptance criteria
Invoke-SCuBA has support for authentication via a ManagedIdentity via a -ManagedIdentity parameter.
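The partial support described in the implementation notes, sketched as an added example that is not ScubaGear's own code: it connects the four modules that accept a system-assigned managed identity and reports the two that do not. The function name `Connect-TenantWithManagedIdentity`, its parameters, and the contoso values in the comments are hypothetical.

```powershell
# Added illustration, not ScubaGear code. Function name, parameter names and
# the contoso placeholders are hypothetical.
function Connect-TenantWithManagedIdentity {
    [CmdletBinding()]
    param(
        # Tenant primary domain, e.g. contoso.onmicrosoft.com (placeholder)
        [Parameter(Mandatory)] [string] $Organization,
        # SharePoint admin URL, e.g. https://contoso-admin.sharepoint.com (placeholder)
        [Parameter(Mandatory)] [string] $SharePointAdminUrl
    )

    # Turn non-terminating cmdlet errors into exceptions so try/catch sees them.
    $ErrorActionPreference = 'Stop'
    $Results = [ordered]@{}

    # One script block per module, each using that module's managed identity switch.
    $Connections = [ordered]@{
        'Graph'      = { Connect-MgGraph -Identity | Out-Null }
        'Exchange'   = { Connect-ExchangeOnline -ManagedIdentity -Organization $Organization -ShowBanner:$false }
        'Teams'      = { Connect-MicrosoftTeams -Identity | Out-Null }
        'SharePoint' = { Connect-PnPOnline -Url $SharePointAdminUrl -ManagedIdentity }
    }

    foreach ($Name in $Connections.Keys) {
        try {
            & $Connections[$Name]
            $Results[$Name] = 'Connected'
        }
        catch {
            # Keep going so one missing role assignment on the identity
            # does not hide the state of the other products.
            $Results[$Name] = "Failed: $($_.Exception.Message)"
        }
    }

    # Per the notes above, these two cmdlets have no managed identity option.
    $Results['PowerPlatform'] = 'Skipped: Add-PowerAppsAccount has no managed identity support'
    $Results['Defender']      = 'Skipped: Connect-IPPSSession has no managed identity support'

    [pscustomobject]$Results
}
```

The managed identity still needs the application permissions and roles each product requires; a `Failed:` entry in the returned object is the first place a missing assignment shows up.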