-
Notifications
You must be signed in to change notification settings - Fork 448
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to Export-M365DSCConfiguration using the -AccessTokens parameter. #4788
Comments
Have to ask: does the -ManagedIdentity switch not work in this scenario? |
Thank you for the suggestion @mlhickey. As far as I know, the -ManagedIdentity switch can be used on a self-hosted runner is the managed identity is assigned to the VM. This is a Microsoft hosted runner, where I have configured the service connection to use Workload Identity federation to use a managed identity for authentication. I have tested this technique in two different pipelines. Both use an In my first pipeline, I try
If I use the However in my second pipeline I use the -AccessToken technique for authentication and that works:
After that, I can successfully query resources using graph cmdlets. But trying to use the same technique with the |
I would really appreciate if someone could clarify how the |
Perhaps a bug in MicrosoftGraph.psm1? AuthenticationType is set to 'AccessTokens' in ConnectionProfile
|
@NikCharlebois I opened microsoft/MSCloudLoginAssistant#177 to address the issue. |
I'm struggling with understanding how the
-AccessTokens
parameter inExport-M365DSCConfiguration
is designed to work.The help page for the cmdlet does not show much information or an example for this parameter only that it should be a string array.
What I assumed it would do is to use a token from an existing session and reuse this for Microsoft Graph.
Normally, I can do this to use a token from my Azure PowerShell session to connect to Microsoft Graph:
I wanted to use this technique to use a managed identity in my Azure DevOps pipeline to run the
Export-M365DscConfiguration
using a Microsoft hosted agent. I've successfully tested the above PowerShell snippet in a DevOps pipeline to query something in Ms Graph using that managed identity.However, if I try the same with the
Export-M365DSCConfiguration
:When looking at the pipeline log, I see this for each Intune component that is tried to be extracted:
I would really appreciate it if someone could clarify the proper use of the AccessTokens parameter.
The text was updated successfully, but these errors were encountered: