Azure AD验证为设备以获取承载令牌 [英] Azure AD authenticate as device to obtain bearer token

问题描述

我有一个加入Azure AD的Intune托管Windows 10设备.

I have an Intune managed Windows 10 device that is Azure AD joined. 

我已配置了在本地设备帐户上运行在托管设备上所需的powershell脚本.

I have powershell scripts configured required to run on managed devices as the local system account. 

在这样的PowerShell脚本中，我想获取应用程序资源(例如O365或MS Graph或存储帐户)的承载访问令牌.由于此过程是非交互式过程，因此不会在AAD用户的上下文中运行(只是加入了AAD 设备)，我试图了解在这种情况下是否有任何方法可以获取令牌.

In such a PowerShell script, I want to acquire a bearer access token for an application resource (e.g. O365 or MS Graph or a storage account). Since this is non interactive process and it’s not running under the context of an AAD user (just an AAD joined device), I’m trying to understand if there is any way to get a token in this context. 

请注意，此问题根本不是特定于Intune的...我只是以PowerShell脚本为例.

问题:我如何通过AAD作为作为SYSTEM上下文运行的托管AAD设备进行身份验证.

谢谢.

推荐答案

使用客户端密钥/密钥:

Use a client secret/key: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#get-application-id-and-authentication-key

或证书(尽管并非所有PS模块都支持此证书): https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential

Or a certificate (though not all PS modules support this): https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential

这篇关于Azure AD验证为设备以获取承载令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！