Non-interactive authentication

[Air-Git]

I can see there are two ways to use Connect-Graph. One creates an authentication prompt for an interactive user. The other takes a client ID and a certificate for a service principal.
To create a Conditional Access policy with the Graph API, we need to use Delegated permissions. Application permissions are not supported.
Is there any way to supply the credentials of a delegated user non-interactively? It seems to be possible to do this in the AzureAD module for Graph, so it must be conceptually possible. But I don't see how to do it for the Microsoft.Graph modules.
AB#7434

[darrelmiller]

We don't support username/password auth which to my knowledge is the only way of doing delegated non-interactive access. username/password auth is highly discouraged by the Microsoft identity platform. I doubt that we would get approval to add that feature.

[Air-Git]

Thanks Darrel, that's actually extremely helpful. We are trying to automate some Microsoft 365 configurations, and running into the problem of how to authenticate the scripts. We are using the Key Vault to secure credentials. We can use a service principal to obtain the secret from the Key Vault, and supply it in the credentials. But there isn't any way in Conditional Access (that I know of) to limit the cases where the credentials can be used.
Even if we could use a service principal, it just pushes out the problem of using a username and password, if the principal is given administrative privileges.
What we really need is something where the executing platform (e.g. Azure Automation) is considered a trusted device.

[darrelmiller]

Our roadmap includes support for Managed Service Instance auth. Hopefully this will address your requirements.