FIDO2 support

[KuotingChiu]

Is FIDO2 supported ? My organization mandates to use Smartcard and the get-credential never works for us as the password is unknown. With FIDO2 be enabled for our Microsoft 365 tenant, we can now use the YuriKey for create secret key and authenticate. However, M365DSC seems not support the FIDO2 authentication, can you please confirm that? Also, if it is indeed not supported, is this something will be supported in the future?

Thank you in advance!

George Chiu
The Hartford

[FabienTschanz]

@KuotingChiu FIDO2 is only supported in PowerShell 7 onwards, see Authentication Commands - Graph PowerShell. So you probably can use Microsoft365DSC for exporting your configuration in PowerShell 7, but it's not possible to apply or test configurations since these require Windows PowerShell 5.1.

Edit: After further checking, I don't think that will work either. We are dependent on the credentials (like password and username) since there is currently nothing implemented that uses FIDO2 authentication. Don't know if this is planned, but from what I think, it probably won't be coming in the near (or rather distant) future.

[KuotingChiu]

Thanks @FabienTschanz for reviewing! How about the -AccessTokens parameter of Export-M365DSCConfiguration ? Will I be able to use it (i.e. use either Smartcard or FIDO2 to authenticate and get the access token to pass via this parameter)? There are not many good example within M365DSC documentation but there are some other posts elsewhere talking about it

[FabienTschanz]

@KuotingChiu The AccessTokens parameter is supported across a couple of resource, but I don't think over all of them. You'll have to try and see how it goes unfortunately. I don't quite know how you get such an access token though.