Connect-WtWinTuner

Connect to Intune

A separate command to select the correct authentication provider, you no longer have to provide the auth parameters with each command.

Syntax

Interactive (default)

If you're running WinTuner on your local machine, you can use the interactive browser login. This will integrate with the native browser based login screen on Windows and with the default browser on other platforms.

Connect-WtWinTuner -Username <String> [-NoBroker] [-TenantId <String>] [-ClientId <String>] [-Scopes <String[]>] [-Test]

Parameter	Req.	Type	Description
-Username	✅	String	Use a username to trigger interactive login or SSO
-NoBroker	❌	Switch	Disable Windows authentication broker
-TenantId	❌	String	Specify the tenant ID, optional. Loaded from AZURE_TENANT_ID
-ClientId	❌	String	Specify the alternative client ID, optional. Loaded from AZURE_CLIENT_ID
-Scopes	❌	String[]	Specify the scopes to request, default is DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.ReadWrite.All
-Test	❌	Switch	Immediately try to get a token.

UseManagedIdentity

WinTuner supports Managed Identity authentication, this is the recommended way if you run WinTuner in the Azure Environment.

Connect-WtWinTuner -UseManagedIdentity [-Scopes <String[]>] [-Test]

Parameter	Req.	Type	Description
-UseManagedIdentity	✅	Switch	Use a managed identity to connect to Intune
-Scopes	❌	String[]	Specify the scopes to request, default is https://graph.microsoft.com/.default
-Test	❌	Switch	Immediately try to get a token.

UseDefaultCredentials

A more extended version of the Managed Identity is the Default Credentials, this will use the DefaultAzureCredential, from the Azure.Identity package. This will try several methods to authenticate, Environment Variables, Managed Identity, Azure CLI and more.

Connect-WtWinTuner -UseDefaultCredentials [-Scopes <String[]>] [-Test]

Parameter	Req.	Type	Description
-UseDefaultCredentials	✅	Switch	Use default Azure Credentials from Azure.Identity to connect to Intune
-Scopes	❌	String[]	Specify the scopes to request, default is https://graph.microsoft.com/.default
-Test	❌	Switch	Immediately try to get a token.

Token

Let's say you have a token from another source, just hand us to token and we'll use it to connect to Intune. This token has a limited lifetime, so you'll be responsible for refreshing it.

Connect-WtWinTuner -Token <String>

Parameter	Req.	Type	Description
-Token	✅	String	Use a token from another source to connect to Intune, this is the least preferred way to use

ClientCredentials

Last resort

Using client credentials is not recommended because you'll have to keep the secret, secret!

Please let us know if you have to use this method, we might be able to help you with a better solution.

Connect-WtWinTuner -ClientId <String> -ClientSecret <String> -TenantId <String> [-Scopes <String[]>] [-Test]

Parameter	Req.	Type	Description
-ClientId	✅	String	Specify the client ID, mandatory for Client Credentials flow. Loaded from AZURE_CLIENT_ID
-ClientSecret	✅	String	Specify the client secret. Loaded from AZURE_CLIENT_SECRET
-TenantId	✅	String	Specify the tenant ID. Loaded from AZURE_TENANT_ID
-Scopes	❌	String[]	Specify the scopes to request, default is https://graph.microsoft.com/.default
-Test	❌	Switch	Immediately try to get a token.

Examples

Connect using interactive authentication

This will trigger a login broker popup (Windows Hello) on Windows and the default browser on other platforms

Connect-WtWinTuner -Username "youruser@contoso.com"

Connect using managed identity

Try to connect using a managed identity on the current platform, obviously only works in Azure.

Connect-WtWinTuner -UseManagedIdentity

Connect using default credentials

A chain of credentials is tried until one succeeds. Including Environment Variables, Managed Identity, Visual Studio (code) and Azure CLI

az login
Connect-WtWinTuner -UseDefaultCredentials