I want to authenticate an Intune-managed device in a REST API call. The device should prove its identity without any interactive user.
In a Windows AD domain, I would use the built-in NETWORK SERVICE account so that the computer object itself can be assigned any ACL entries. The computer object typically has the name "computer$". What is the equivalent for Intune or Azure OAuth authentication? I know there is the client credential workflow, but this would require storing a shared secret for all devices or creating one secret for each device. Anyway, this would authorize the call but not authenticate the device. I would expect something like a managed identity, which is implemented for Azure-managed resources. In principle, we could use one of the Intune certificates after the device is onboarded to Intune. Because the private key is installed, this could prove the identity. But I assumed there were better ways than this. Any help is highly appreciated.
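The certificate-based approach the question sketches (a device proving its identity with a machine certificate whose private key is already installed) can be exercised from the device like this. This is an added example, not code from the original post and not a Microsoft-provided API; the issuer name `CN=EXAMPLE-DEVICE-CA` and the endpoint `https://api.example.invalid/device/checkin` are placeholders you would replace with your device CA and your own service.

```powershell
# Added example, not part of the original post. Makes a REST call from a
# Windows device using a client certificate from the LocalMachine store
# (mutual TLS). Assumes the script runs in a context allowed to use the
# certificate's private key (e.g. a scheduled task as SYSTEM).
$IssuerFilter = 'CN=EXAMPLE-DEVICE-CA'                       # placeholder: your device CA's subject
$ApiUri       = 'https://api.example.invalid/device/checkin' # placeholder endpoint

# Select a non-expired certificate issued by the device CA that has a usable
# private key. Without the private key the certificate cannot prove anything.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.Issuer -eq $IssuerFilter -and
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date)
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No device certificate with a private key found for issuer '$IssuerFilter'"
}

Write-Verbose ("Using device certificate {0} (thumbprint {1})" -f $cert.Subject, $cert.Thumbprint)

# The TLS handshake itself is the authentication: the server must validate the
# chain up to the device CA and map the certificate (subject or thumbprint) to
# a known device record before authorizing the request.
$response = Invoke-RestMethod -Uri $ApiUri -Method Get -Certificate $cert
$response
```

Two points decide whether this actually authenticates the device rather than merely encrypting the call: the server side has to verify the presented certificate chains to the expected device CA and has to bind the subject or thumbprint to a device it already knows, and the private key on the device should be non-exportable (TPM-backed where available) so that possession of the key really means "this device" and not "anyone who copied a PFX".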