Is there any way to authenticate dashboard\page users with azuread (or AZ cli) using some form of modern authentication? The dashboard will be running inside the same tenant, using Easy Auth
We want authorized users to start azure devops pipelines (using azureAD as the authority ), but I cant for the life of me figure out how to give the users an MFA challenge. The important bit is that the user should start the pipeline, not an app (mainly for logging purposes)
MFA needs to be configured in Azure AD. You could use conditional access in Azure AD to enforce MFA for users authenticating against your PSU instance.
This has a walk through of how to do that.
For the app tokens and delegation, you will want to configure delegated access tokens. I think you’ll use Graph as your resource provider. Once you have that configured, you’ll be able to use the $AccessToken variable in your dashboards and scripts to access the services on behalf of the user.