Connect-MgGraph by using certificates

[T630Dev]

We are indirectly using Connect-MgGraph as part of M365DSC.
As the LCM executes the code as local system, the connect-MgGraph cmdlet expects to find the certificate for the app registration / service principal in the user store of the local system user.

This is difficult to manage. (psexec or scheduled tasks as workaround to impersonate the local system to get to the user certificate store of the local system and install the certificate there)

Hence, my request would be that Connect-MgGraph gets a new parameter to chose the certificate store. Either the local machine or the user store. That way, we could use standard cmdlets such as Import-PfxCertificate to manage the certificates that are required for the secure connection.

[peombwa]

Thanks for opening this feature request.

We will add support for local machine lookup in v2 of the SDK. In the meantime, you can use -Certificate parameter on Connect-MgGraph to load a certificate from any store as such:

# Using -Certificate
$Cert = Get-ChildItem Cert:\LocalMachine\My\$CertThumbprint
Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -Certificate $Cert

Closing as duplicate of #936.

[T630Dev]

ok thanks. For 'normal' PS development that's fine.
When using M365DSC, the module needs to expose an option to configure that (for example, store and thumbprint) so that internally in the M365DSC code, the respective DSC ressources that use Connect-MgGraph can pass the correct parameter.

Will check with the M365DSC folks.