Secure authentication within PowerShell scripts for Intune MDM
We would like to authenticate to services, like Azure Storage or Azure SQL, from an Intune MDM PowerShell script.
However, with PowerShell scripts in Intune MDM, the source, including passwords, is visible in plain text, for instance when you review the log files in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.
We would like a secure way to safely authenticate with different services from PowerShell scripts in Intune MDM. For instance, by being able to preconfigure one or more Credential or Variable Assets passed (as parameter?) with the PowerShell script configured.
A credential source provider could be Azure Key Vault or Azure Automation Credential- and Variable Assets.
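To check whether secrets have already landed in the log directory named above, here is an audit sketch. It is an added example, not part of the original post or of any Microsoft tooling. The function name `Find-SecretLikeString`, the four patterns, and the sample lines are assumptions constructed for illustration.

```powershell
# Added example: flag credential-like strings in Intune Management Extension logs.
# The rule set is an assumption, tuned to Azure Storage / Azure SQL style secrets.
param(
    [string]$LogPath = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs'
)

$patterns = [ordered]@{
    'Storage account key'        = 'AccountKey=[A-Za-z0-9+/=]{20,}'
    'SAS token signature'        = '[?&]sig=[A-Za-z0-9%+/=]{20,}'
    'Connection string password' = '\b(password|pwd)\s*=\s*[^;"''\s]+'
    'Plain-text SecureString'    = 'ConvertTo-SecureString\b.*-AsPlainText'
}

function Find-SecretLikeString {
    param([string[]]$Lines, [string]$Source)
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        foreach ($name in $patterns.Keys) {
            # -match is case-insensitive by default in PowerShell.
            if ($Lines[$i] -match $patterns[$name]) {
                [pscustomobject]@{
                    Source = $Source
                    Line   = $i + 1
                    Rule   = $name
                    # Report the location and size of the hit, never the value.
                    Length = $Matches[0].Length
                }
            }
        }
    }
}

# Constructed sample lines (not real credentials) so the check runs offline.
$sample = @(
    '$conn = "Server=tcp:example.database.windows.net;User ID=svc;Password=Constructed-Example-1;"'
    'Write-Output "no secrets here"'
    '$cs = "AccountName=example;AccountKey=Q09OU1RSVUNURURFWEFNUExFS0VZMTIzNDU2Nzg5MA=="'
)
Find-SecretLikeString -Lines $sample -Source 'constructed sample'

# Scan the real log directory when it exists on this device.
if (Test-Path -LiteralPath $LogPath) {
    Get-ChildItem -LiteralPath $LogPath -Filter *.log -File | ForEach-Object {
        Find-SecretLikeString -Lines @(Get-Content -LiteralPath $_.FullName) -Source $_.Name
    }
}
```

Any hit in the real logs means that credential should be rotated and removed from the script source.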
Matthew Nelson commented
This really needs to be implemented. LAPS is already available on-premise, but for Intune devices in a cloud-only environment, there is really no solution for local admin password control, which is a requirement for SRS devices.
This would be the feature that would crush competitors beneath Microsoft's heel.