search

microsoft / MSCloudLoginAssistant

PowerShell Module Handling Authentication to Cloud Services
https://www.powershellgallery.com/packages/MSCloudLoginAssistant/
MIT License
76 stars 52 forks source link

Add support for VM managed identity #121

Closed mlhickey closed 2 years ago

mlhickey commented 2 years ago

Consider leveraging VM managed identities as auth components, looks like 3 changes:

  1. ConnectionProfile - add Identity to AuthenticatioType list
  2. MicrosoftGraph - add Identity to profile
  3. MicrosoftGraph - add token-retrieval/connection to elseif section: Login-AzAccount -Identity $accessToken = (Get-AzAccessToken -ResourceTypeName MSGraph).Token Connect-MgGraph -AccessToken $accessToken $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ConnectedDateTime = [System.DateTime]::Now.ToString() $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.MultiFactorAuthentication = $true $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.Connected = $true $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.TenantId = (Get-MGContext).TenantId

FWIW I have this operational with the MSFT_AAD* resources (attendant changes in M365DSCReverse, M365DSCUtil and AAD resources)

andikrueger commented 2 years ago

Actually I think, this is a valid use case and could help to reduce the complexity of authentication in some scenarios. Would you be able to create a PR for this one for further review?