Does New-APSession support a managed identity to connect to Azure DevOps?

[BertusV]

Now that DevOps support managed identities I would like to use that to automate some tasks rather than using a PAT.

Previously I used this code to connect from an Azure PowerShell function app:

$splat = @{ Collection = 'xxxxxxxxxxxxx' Project = 'Management%20Infrastructure' Instance = 'https://dev.azure.com/' ApiVersion = '7.1-preview' SessionName = 'mySession' PersonalAccessToken = $env:PAT } $session = New-APSession @splat

I hoped the script would work like this but I'm getting Authentication issues. In a separate funtion I can use the same identity to authN to Azure resources.

$splat = @{ Collection = 'xxxxxxxxxxxx' Project = 'Management%20Infrastructure' Instance = 'https://dev.azure.com/' ApiVersion = '7.1-preview' SessionName = 'mySession' } $session = New-APSession @splat

I hope you can point me in the right direction.

Regards, BertusV

[Dejulia489]

Are you running this in a pipeline?

[BertusV]

No, I'm running this in a Azure Function App (PowerShell). The function app has a managed identity assigned to it. That same identity is configured in Azure DevOps.

[Dejulia489]

Sounds like you can use the Azure AD token in place of the PAT.

I haven’t had a chance to try it.

Doc:

https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principal-managed-identity

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow

[BertusV]

I'll give it a try and get back to you.

Thanks.