
Connect-WtWinTuner

Connect to Intune

A separate command that selects the correct authentication provider, so you no longer have to provide the auth parameters with each command.

Syntax

Interactive (default)

If you're running WinTuner on your local machine, you can use the interactive browser login. This integrates with the native browser-based login screen on Windows and with the default browser on other platforms.

Connect-WtWinTuner -Username <String> [-NoBroker] [-TenantId <String>] [-ClientId <String>] [-Scopes <String[]>] [-Test]
| Parameter | Req. | Type | Description |
| --- | --- | --- | --- |
| -Username |  | String | Use a username to trigger interactive login or SSO |
| -NoBroker |  | Switch | Disable Windows authentication broker |
| -TenantId |  | String | Specify the tenant ID, optional. Loaded from AZURE_TENANT_ID |
| -ClientId |  | String | Specify the alternative client ID, optional. Loaded from AZURE_CLIENT_ID |
| -Scopes |  | String[] | Specify the scopes to request, default is DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.ReadWrite.All |
| -Test |  | Switch | Immediately try to get a token. |

UseManagedIdentity

WinTuner supports Managed Identity authentication. This is the recommended method when you run WinTuner in the Azure environment.

Connect-WtWinTuner -UseManagedIdentity [-Scopes <String[]>] [-Test]
| Parameter | Req. | Type | Description |
| --- | --- | --- | --- |
| -UseManagedIdentity |  | Switch | Use a managed identity to connect to Intune |
| -Scopes |  | String[] | Specify the scopes to request, default is https://graph.microsoft.com/.default |
| -Test |  | Switch | Immediately try to get a token. |

UseDefaultCredentials

Default Credentials is a more extended version of Managed Identity. It uses DefaultAzureCredential from the Azure.Identity package, which tries several methods to authenticate: Environment Variables, Managed Identity, Azure CLI and more.

Connect-WtWinTuner -UseDefaultCredentials [-Scopes <String[]>] [-Test]
| Parameter | Req. | Type | Description |
| --- | --- | --- | --- |
| -UseDefaultCredentials |  | Switch | Use default Azure Credentials from Azure.Identity to connect to Intune |
| -Scopes |  | String[] | Specify the scopes to request, default is https://graph.microsoft.com/.default |
| -Test |  | Switch | Immediately try to get a token. |

Token

Let's say you have a token from another source: just hand us the token and we'll use it to connect to Intune. This token has a limited lifetime, so you'll be responsible for refreshing it.

Connect-WtWinTuner -Token <String>
| Parameter | Req. | Type | Description |
| --- | --- | --- | --- |
| -Token |  | String | Use a token from another source to connect to Intune. This is the least preferred method. |

ClientCertificateCredentials

Client credentials flow using a certificate in the user or local computer store.

Make sure to mark the certificate as not exportable. This helps keep the certificate's private key secure.

Connect-WtWinTuner -ClientId <String> -ClientCertificateThumbprint <String> -TenantId <String> [-Scopes <String[]>]
| Parameter | Req. | Type | Description |
| --- | --- | --- | --- |
| -ClientId |  | String | Specify the client ID, mandatory for Client Certificate flow. Loaded from AZURE_CLIENT_ID |
| -ClientCertificateThumbprint |  | String | Specify the thumbprint of the certificate. Loaded from AZURE_CLIENT_CERT_THUMBPRINT |
| -TenantId |  | String | Specify the tenant ID. Loaded from AZURE_TENANT_ID |
| -Scopes |  | String[] | Specify the scopes to request, default is https://graph.microsoft.com/.default |
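
A pre-flight check for the certificate flow above, as an added example that is not part of the WinTuner documentation: it confirms the certificate exists, is within its validity period and has a non-exportable RSA private key before connecting. `Test-WtClientCertificate` is a hypothetical helper, and the use of the `My` (Personal) stores and of the three environment variables is an assumption.

```powershell
# Added example (Windows only). Test-WtClientCertificate is a hypothetical helper,
# not a WinTuner cmdlet. Assumes the certificate is in a "My" (Personal) store.
function Test-WtClientCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)

    $cert = Get-ChildItem -Path Cert:\CurrentUser\My, Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
    if (-not $cert) { throw "Certificate $Thumbprint not found in CurrentUser\My or LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key." }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $Thumbprint is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # RSA keys only; other key types are not checked by this example.
    $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if (-not $key) { throw "Certificate $Thumbprint does not have an RSA private key." }

    if ($key -is [System.Security.Cryptography.RSACng]) {
        # CNG key: AllowExport (1) or AllowPlaintextExport (2) means the key can leave the store.
        $exportable = (([int]$key.Key.ExportPolicy) -band 3) -ne 0
    }
    elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        # Legacy CSP key.
        $exportable = $key.CspKeyContainerInfo.Exportable
    }
    else { throw "Unrecognised key provider: $($key.GetType().FullName)." }

    if ($exportable) { throw "Private key of $Thumbprint is exportable; reissue or re-import it as non-exportable." }
    return $cert
}

# Values come from the environment variables named in the parameter table.
$thumbprint = $env:AZURE_CLIENT_CERT_THUMBPRINT
$null = Test-WtClientCertificate -Thumbprint $thumbprint
Connect-WtWinTuner -ClientId $env:AZURE_CLIENT_ID -ClientCertificateThumbprint $thumbprint -TenantId $env:AZURE_TENANT_ID
```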

ClientCredentials

Last resort

Using client credentials is not recommended because you'll have to keep the secret, secret!

Please let us know if you have to use this method. We might be able to help you with a better solution.

Connect-WtWinTuner -ClientId <String> -ClientSecret <String> -TenantId <String> [-Scopes <String[]>] [-Test]
| Parameter | Req. | Type | Description |
| --- | --- | --- | --- |
| -ClientId |  | String | Specify the client ID, mandatory for Client Credentials flow. Loaded from AZURE_CLIENT_ID |
| -ClientSecret |  | String | Specify the client secret. Loaded from AZURE_CLIENT_SECRET |
| -TenantId |  | String | Specify the tenant ID. Loaded from AZURE_TENANT_ID |
| -Scopes |  | String[] | Specify the scopes to request, default is https://graph.microsoft.com/.default |
| -Test |  | Switch | Immediately try to get a token. |

Examples

Connect using interactive authentication

This will trigger a login broker popup (Windows Hello) on Windows and the default browser on other platforms.

Connect-WtWinTuner -Username "youruser@contoso.com"

Connect using managed identity

Try to connect using a managed identity on the current platform. This obviously only works in Azure.

Connect-WtWinTuner -UseManagedIdentity

Connect using default credentials

A chain of credentials is tried until one succeeds, including Environment Variables, Managed Identity, Visual Studio (Code) and Azure CLI.

az login
Connect-WtWinTuner -UseDefaultCredentials