Hi Ondrej,
Thanks for your published work, I've found it very useful so far.
I've chosen to use MSAL.PS to acquire a header, alongside a self-signed certificate, rather than the hard-coded secret.
Regardless of that: many people have environments large enough that their token will expire. Can you suggest a simple method of handling token refresh when calling your functions to avoid such scenarios?
Many thanks,
Stevie
For those interested in using MSAL.PS and certs instead of New-IntuneAuthHeader:
1. generate a self-signed certificate key-pair on your computer
2. add its public key to the App Reg you created as documented by Ondrej
3. install the MSAL.PS module
4. use Get-MsalToken to acquire a token
```powershell
# store your thumbprint
# (this is visible in your registered app's Credentials and Secrets section once it has been added)
$thumbprint = "<your certificate's thumbprint>"

# store the path to your private key based on the thumbprint
$path = "Cert:\CurrentUser\My\" + $thumbprint

# set a hashtable for the connection parameters
$connectionDetails = @{
    'TenantId'          = "<your tenant Id>"
    'ClientId'          = "<your app's client ID>"
    'ClientCertificate' = Get-Item -Path $path
}
$token = Get-MsalToken @connectionDetails

# create an auth header from that token
$header = @{
    'Authorization' = $token.CreateAuthorizationHeader()
}
```
You can now use the above $header when calling either of Ondrej's awesome functions.
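
On the token-expiry question raised above, one way to keep the header current with MSAL.PS and the same certificate, as an added example that is not part of the original post or of Ondrej's module. The function name `Get-FreshAuthHeader`, the `$script:msalToken` cache variable and the `-RefreshWindowMinutes` parameter are hypothetical; the block assumes MSAL.PS is installed and the certificate is in `Cert:\CurrentUser\My`.

```powershell
# Added example (hypothetical helper, not from the original post).
# Caches the MSAL result for the session and re-acquires it shortly before expiry.
$script:msalToken = $null

function Get-FreshAuthHeader {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [string] $Thumbprint,
        # Treat the token as expired this many minutes early, so a request
        # started now does not fail halfway through.
        [int] $RefreshWindowMinutes = 5
    )

    $deadline = [DateTimeOffset]::UtcNow.AddMinutes($RefreshWindowMinutes)

    if (-not $script:msalToken -or $script:msalToken.ExpiresOn -le $deadline) {
        # Resolve the certificate on every refresh and fail loudly if it is unusable,
        # instead of surfacing an opaque authentication error later.
        $cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction Stop
        if (-not $cert.HasPrivateKey) {
            throw "Certificate $Thumbprint has no private key in this store."
        }
        if ($cert.NotAfter -le (Get-Date)) {
            throw "Certificate $Thumbprint expired on $($cert.NotAfter)."
        }

        # MSAL may answer from its own in-memory cache while the token is still valid;
        # once it is close to expiry this call requests a new one.
        $script:msalToken = Get-MsalToken -TenantId $TenantId -ClientId $ClientId `
            -ClientCertificate $cert -ErrorAction Stop
    }

    # Only the header leaves the function; the token object stays in script scope.
    @{ 'Authorization' = $script:msalToken.CreateAuthorizationHeader() }
}

# Usage: ask for the header immediately before each call instead of once at the top.
# $header = Get-FreshAuthHeader -TenantId "<your tenant Id>" `
#     -ClientId "<your app's client ID>" -Thumbprint "<your certificate's thumbprint>"
```

This only helps between calls: a single function call that runs longer than the token lifetime still uses the header it was given when it started.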