Connect-AzureAD from within Windows Build Agent


Hi,

 

I am trying to connect within an Azure DevOps pipeline using image Windows-Latest to Azure AD. Overall I am automating Privileged Identity Management by using the AzureADPreview module. The module installs as expected; however, the problem is that after any command I get the following error in the pipeline.

 

Error reading JToken from JsonReader. Path '', line 0, position 0.
 
I am using the following commands to connect inside the pipeline:

$context = Get-AzContext
$aadToken = Get-AzAccessToken -ResourceTypeName AadGraph
Connect-AzureAD -AadAccessToken $aadToken.Token -AccountId $context.Account.Id -TenantId $context.tenant.id

 

 

Any command, say Get-AzureADUser, fails with the same error. I have printed out all the param values and they have values.

1 Reply
I have been doing some more digging. There is one more point that I have to make: MFA is enabled on the tenant. Decoding the token that is provided by the commands in jwt.io, the MFA enabled flag will not be set.
I have read on other forums that Connect-AzureAD using the AADToken when MFA has been set does not work. Sounds like this could be a non-starter.
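
A local equivalent of the jwt.io check described in the reply above, as an added example that is not part of the original thread: it decodes the token payload inside the pipeline, so the bearer token never has to be pasted into a website. It assumes the "MFA flag" is the `amr` claim containing `mfa`; the function names and the sample token are constructed for illustration.

```powershell
# Decode the payload (second segment) of a JWT without sending it anywhere.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)

    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }

    # JWT segments are base64url without padding; convert to standard base64.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length in payload segment' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

# Summarise the claims relevant to the MFA question. Assumption: the "MFA flag"
# is the amr (authentication methods) claim containing 'mfa'.
function Get-JwtMfaSummary {
    param([Parameter(Mandatory)][string]$Token)

    $claims = ConvertFrom-JwtPayload -Token $Token
    $amr = @($claims.amr | Where-Object { $_ })   # empty when the claim is absent
    [pscustomobject]@{
        Audience    = $claims.aud
        TenantId    = $claims.tid
        AuthMethods = $amr -join ','
        HasMfa      = $amr -contains 'mfa'
    }
}

# Constructed sample token (not a real credential): placeholder tenant, no signature.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{ aud = 'https://graph.windows.net'; tid = '<tenant-id-placeholder>'; amr = @('pwd') } |
    ConvertTo-Json -Compress
$sample = '{0}.{1}.' -f (ConvertTo-Base64Url '{"alg":"none"}'), (ConvertTo-Base64Url $payload)

Get-JwtMfaSummary -Token $sample

# In the pipeline, the same check on the token from the original post:
# Get-JwtMfaSummary -Token (Get-AzAccessToken -ResourceTypeName AadGraph).Token
```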