Connect-WtWinTuner
Connect to Intune
A separate command selects the authentication provider, so you no longer have to provide the auth parameters with each command.
Syntax
Interactive (default)
If you're running WinTuner on your local machine, you can use the interactive browser login. This integrates with the native browser-based login screen on Windows and with the default browser on other platforms.
Connect-WtWinTuner -Username <String> [-NoBroker] [-TenantId <String>] [-ClientId <String>] [-Scopes <String[]>] [-Test]
Parameter | Req. | Type | Description |
---|---|---|---|
-Username | ✅ | String | Use a username to trigger interactive login or SSO |
-NoBroker | ❌ | Switch | Disable Windows authentication broker |
-TenantId | ❌ | String | Specify the tenant ID, optional. Loaded from AZURE_TENANT_ID |
-ClientId | ❌ | String | Specify the alternative client ID, optional. Loaded from AZURE_CLIENT_ID |
-Scopes | ❌ | String[] | Specify the scopes to request, default is DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.ReadWrite.All |
-Test | ❌ | Switch | Immediately try to get a token. |
UseManagedIdentity
WinTuner supports Managed Identity authentication. This is the recommended method if you run WinTuner in Azure.
Connect-WtWinTuner -UseManagedIdentity [-Scopes <String[]>] [-Test]
Parameter | Req. | Type | Description |
---|---|---|---|
-UseManagedIdentity | ✅ | Switch | Use a managed identity to connect to Intune |
-Scopes | ❌ | String[] | Specify the scopes to request, default is https://graph.microsoft.com/.default |
-Test | ❌ | Switch | Immediately try to get a token. |
UseDefaultCredentials
Default Credentials is a more extended version of Managed Identity. It uses the DefaultAzureCredential from the Azure.Identity package, which tries several methods to authenticate: Environment Variables, Managed Identity, Azure CLI and more.
Connect-WtWinTuner -UseDefaultCredentials [-Scopes <String[]>] [-Test]
Parameter | Req. | Type | Description |
---|---|---|---|
-UseDefaultCredentials | ✅ | Switch | Use default Azure Credentials from Azure.Identity to connect to Intune |
-Scopes | ❌ | String[] | Specify the scopes to request, default is https://graph.microsoft.com/.default |
-Test | ❌ | Switch | Immediately try to get a token. |
Token
Let's say you have a token from another source: just hand us the token and we'll use it to connect to Intune. This token has a limited lifetime, so you'll be responsible for refreshing it.
Connect-WtWinTuner -Token <String>
Parameter | Req. | Type | Description |
---|---|---|---|
-Token | ✅ | String | Use a token from another source to connect to Intune. This is the least preferred method |
ClientCertificateCredentials
Client credentials flow using a certificate in the user or local computer store.
Make sure to mark the certificate as not exportable. This helps keep the certificate's private key secure.
Connect-WtWinTuner -ClientId <String> -ClientCertificateThumbprint <String> -TenantId <String> [-Scopes <String[]>]
Parameter | Req. | Type | Description |
---|---|---|---|
-ClientId | ✅ | String | Specify the client ID, mandatory for Client Certificate flow. Loaded from AZURE_CLIENT_ID |
-ClientCertificateThumbprint | ✅ | String | Specify the thumbprint of the certificate. Loaded from AZURE_CLIENT_CERT_THUMBPRINT |
-TenantId | ✅ | String | Specify the tenant ID. Loaded from AZURE_TENANT_ID |
-Scopes | ❌ | String[] | Specify the scopes to request, default is https://graph.microsoft.com/.default |
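A pre-flight check for the certificate requirement above, as an added example that is not part of the WinTuner documentation or code base: it confirms the certificate is present in one of the two stores, is within its validity period, and has a non-exportable private key before connecting. `Test-WtCertificateKey` is a hypothetical helper name, and the check assumes Windows and an RSA key.

```powershell
# Added example. Test-WtCertificateKey is a hypothetical helper, not a WinTuner cmdlet.
function Test-WtCertificateKey {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # The client certificate flow reads the certificate from the user or local computer store.
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My, Cert:\LocalMachine\My |
        Where-Object Thumbprint -eq $Thumbprint | Select-Object -First 1
    if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in either store." }
    if (-not $cert.HasPrivateKey) { throw "Certificate has no private key on this machine." }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # Assumption: RSA key. Opening a LocalMachine key may require elevation.
    $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if (-not $key) { throw "No RSA private key available for this certificate." }

    $exportable = if ($key -is [System.Security.Cryptography.RSACng]) {
        # CNG key: exportable when either export flag is set in the key's export policy.
        $mask = [int][System.Security.Cryptography.CngExportPolicies]::AllowExport -bor [int][System.Security.Cryptography.CngExportPolicies]::AllowPlaintextExport
        ([int]$key.Key.ExportPolicy -band $mask) -ne 0
    } elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        # Legacy CSP key.
        $key.CspKeyContainerInfo.Exportable
    } else {
        throw "Unsupported key type $($key.GetType().Name)."
    }

    if ($exportable) {
        Write-Warning "Private key is exportable; reissue the certificate with a non-exportable key."
    }
    -not $exportable
}

# Values come from the environment variables the parameters above are loaded from.
if (Test-WtCertificateKey -Thumbprint $env:AZURE_CLIENT_CERT_THUMBPRINT) {
    Connect-WtWinTuner -ClientId $env:AZURE_CLIENT_ID `
        -ClientCertificateThumbprint $env:AZURE_CLIENT_CERT_THUMBPRINT `
        -TenantId $env:AZURE_TENANT_ID
}
```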
ClientCredentials
Using client credentials is not recommended because you'll have to keep the secret, secret!
Please let us know if you have to use this method; we might be able to help you with a better solution.
Connect-WtWinTuner -ClientId <String> -ClientSecret <String> -TenantId <String> [-Scopes <String[]>] [-Test]
Parameter | Req. | Type | Description |
---|---|---|---|
-ClientId | ✅ | String | Specify the client ID, mandatory for Client Credentials flow. Loaded from AZURE_CLIENT_ID |
-ClientSecret | ✅ | String | Specify the client secret. Loaded from AZURE_CLIENT_SECRET |
-TenantId | ✅ | String | Specify the tenant ID. Loaded from AZURE_TENANT_ID |
-Scopes | ❌ | String[] | Specify the scopes to request, default is https://graph.microsoft.com/.default |
-Test | ❌ | Switch | Immediately try to get a token. |
Examples
Connect using interactive authentication
This will trigger a login broker popup (Windows Hello) on Windows and the default browser on other platforms.
Connect-WtWinTuner -Username "youruser@contoso.com"
Connect using managed identity
Try to connect using a managed identity on the current platform. Obviously, this only works in Azure.
Connect-WtWinTuner -UseManagedIdentity
Connect using default credentials
A chain of credentials is tried until one succeeds, including Environment Variables, Managed Identity, Visual Studio (Code) and Azure CLI.
az login
Connect-WtWinTuner -UseDefaultCredentials