Azure AD Authentication

[jbowser-bt]

I'm using Azure AD for authentication for authentication. I use Azure CLI to log in w/ an Entra identify and get a bearer token for my rest calls.

I'm looking at Microsoft's mandatory MFA requirements, and their next phased roll out of September 15, 2025, and it now impacting Azure CLI, Powershell, etc. There are limits to this and that read only requests through the CLI won't incur an MFA requirement. As I understand it, the process of logging in and obtaining a token and subsequently calling the DAB API to retrieve data are all read only calls, so they should be safe from this roll out in September.

However, I'm trying to be a little proactive here. I've attempted to use an application token rather than a delegated token, and it results in a 403 when I call into the DAB API which leads me to believe that maybe DAB requires a delegated token through the app registration rather than an application token.

Am I thinking about this incorrectly? Does DAB support application tokens, and I'm likely missing some configuration or permissions somewhere?

I'm curious if anyone else is running a similar workflow to me and trying to mitigate any issues caused by the MFA requirements that are being rolled out.

Edit: For those unfamiliar with the MFA requirement, I'm referring to: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mandatory-multifactor-authentication?tabs=dotnet