Tags: powershell, azure-active-directory, azure-functions, certificate

Azure Function Powershell using Ms-Graph and certificate authentication


I want to run an Azure function against AAD to query some users there. Authentication should happen via certificate as shown in the code snippet. I keep googling around but cannot find the proper way of doing it. The code shown below ends up in an exception - how do I need to parse the cert coming from Azure Key Vault?

...

$tenant_id = "something-else"       # directory (tenant) ID of the app registration
$app_reg_clientid = "something"     # application (client) ID of the app registration

# Returns a PSKeyVaultCertificate (certificate metadata and public part), not an X509Certificate2
$cert = Get-AzKeyVaultCertificate -VaultName "my-kv" -Name "my-kv-cert"

# -Certificate expects a System.Security.Cryptography.X509Certificates.X509Certificate2
Connect-MgGraph -ClientId $app_reg_clientid -TenantId $tenant_id -Certificate $cert

...

ERROR: Cannot bind parameter 'Certificate'. Cannot convert the "Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultCertificate" value of type "Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultCertificate" to type "System.Security.Cryptography.X509Certificates.X509Certificate2". Exception ...


Solution

  • I think this summarizes things: https://briantjackett.com/2018/07/25/azure-functions-calling-azure-ad-application-with-certificate-authentication/

    Also I am missing a lot of steps in your post when comparing against the official documentation: https://learn.microsoft.com/en-us/powershell/microsoftgraph/app-only?view=graph-powershell-1.0&tabs=azure-portal

    The official docs use the subject name from the certificate in the parameter -CertificateName. You are using... well, I don't know exactly, but if I'm not mistaken, you are using the thumbprint, which is pulled from the Key Vault, for the parameter -Certificate.

    I think you should double back and check all the steps from the official docs for your flow.
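The following is an added, complete example of the flow the question asks about; it is not code from the question, the answer, or the linked docs. It assumes: the Function App runs PowerShell 7 with Az.Accounts, Az.KeyVault, Microsoft.Graph.Authentication and Microsoft.Graph.Users loaded via requirements.psd1; the app has a system-assigned managed identity that holds the "Key Vault Secrets User" role on the vault (the private key is fetched through the secret endpoint, so certificate permissions alone are not enough); the Key Vault certificate was created with the default content type application/x-pkcs12; the app registration has the certificate's public key uploaded and the User.Read.All application permission granted with admin consent. The environment variable names TENANT_ID and APP_REG_CLIENT_ID and the timer trigger are assumptions. Get-AzKeyVaultCertificate only returns metadata plus the public certificate; the private key is stored in the secret that Key Vault creates under the same name, and that is what Connect-MgGraph needs to sign its client assertion.

```powershell
# Added example (not from the original post). Assumes managed identity with
# "Key Vault Secrets User", a PKCS#12 certificate in Key Vault, and an app
# registration carrying that certificate with User.Read.All app permission.
using namespace System.Security.Cryptography.X509Certificates

param($Timer)   # timer-trigger binding; the trigger type is an assumption

$tenantId  = $env:TENANT_ID           # assumed app-setting names
$clientId  = $env:APP_REG_CLIENT_ID
$vaultName = 'my-kv'
$certName  = 'my-kv-cert'

function Get-KeyVaultX509Certificate {
    <#
      Fetches the certificate *with its private key* from Key Vault and returns an
      X509Certificate2, which is the type the -Certificate parameter binds to.
    #>
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $Name
    )

    # The secret created alongside the certificate holds the base64 PFX/PEM.
    $secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $Name
    if ($secret.ContentType -ne 'application/x-pkcs12') {
        throw "Secret '$Name' has content type '$($secret.ContentType)'; this helper expects application/x-pkcs12."
    }

    # SecretValue is a SecureString; NetworkCredential reads it back on Windows and Linux alike.
    $base64   = [System.Net.NetworkCredential]::new('', $secret.SecretValue).Password
    $pfxBytes = [Convert]::FromBase64String($base64)
    try {
        # Key Vault exports the PFX with an empty password. EphemeralKeySet keeps the
        # private key in memory only, so nothing lands in the worker's persisted key store.
        return [X509Certificate2]::new($pfxBytes, [string]::Empty, [X509KeyStorageFlags]::EphemeralKeySet)
    }
    finally {
        [Array]::Clear($pfxBytes, 0, $pfxBytes.Length)
    }
}

# Authenticate to Azure as the Function App's managed identity (no secrets in app settings).
Connect-AzAccount -Identity | Out-Null

$cert = Get-KeyVaultX509Certificate -VaultName $vaultName -Name $certName
if (-not $cert.HasPrivateKey) {
    throw "Certificate '$certName' came back without a private key; check the secret in Key Vault."
}

try {
    # App-only (client credentials) sign-in; the SDK signs a JWT assertion with the private key.
    Connect-MgGraph -ClientId $clientId -TenantId $tenantId -Certificate $cert | Out-Null

    # Sanity check: make sure we are running app-only and not on a cached delegated context.
    $ctx = Get-MgContext
    if ($ctx.AuthType -ne 'AppOnly') {
        throw "Expected an AppOnly Graph context, got '$($ctx.AuthType)'."
    }

    # Example query: enabled users, requesting only the properties we need.
    $users = Get-MgUser -Filter 'accountEnabled eq true' -Property 'id,userPrincipalName' -Top 50
    foreach ($u in $users) {
        Write-Information ("{0} {1}" -f $u.Id, $u.UserPrincipalName)
    }
}
finally {
    Disconnect-MgGraph -ErrorAction SilentlyContinue | Out-Null
    $cert.Dispose()   # releases the ephemeral private key handle
}
```

If the Function App runs on a Windows plan, an alternative that avoids Key Vault code entirely is to import the Key Vault certificate into the Function App's TLS/SSL certificates, set the app setting WEBSITE_LOAD_CERTIFICATES to the certificate thumbprint, and call Connect-MgGraph with -CertificateThumbprint; the cert then appears in the CurrentUser\My store of the worker. The Key Vault route above works on Linux and Windows and keeps the private key out of the app's certificate store, at the cost of a Key Vault round trip per cold start.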