Feature: additional fallback for Managed identity in Azure VM scenario

CHANGELOG.md

@@ -33,6 +33,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Added `-Bcc` option to `Send-PnPMail` [#2726](https://github.com/pnp/powershell/pull/2726)
 - Added `-PrimarySiteCollectionAdmin` to `Add-PnPSiteCollectionAdmin` to allow for the primary site collection admin to be set on the current site [#2750](https://github.com/pnp/powershell/pull/2750)
 - Added `-PrimarySiteCollectionAdmin` to `Set-PnPTenantSite` to allow for the primary site collection admin to be set on a provided site [#2750](https://github.com/pnp/powershell/pull/2750)
+- Added additional fallback logic for retrieving tokens in Azure VM scenario using well-know endpoint when using Managed Identity authentication. [#2761](https://github.com/pnp/powershell/pull/2761)
 
 ### Changed
 

src/Commands/Base/TokenHandling.cs

@@ -130,6 +130,13 @@ internal static async Task<string> GetManagedIdentityTokenAsync(Cmdlet cmdlet, H
                 endPoint = Environment.GetEnvironmentVariable("MSI_ENDPOINT");
                 identityHeader = Environment.GetEnvironmentVariable("MSI_SECRET");
             }
+            if (string.IsNullOrEmpty(endPoint))
+            {
+                // additional fallback
+                // using well-known endpoint for Instance Metadata Service, useful in Azure VM scenario.
+                // https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http
+                endPoint = "http://169.254.169.254/metadata/identity/oauth2/token";
+            }
             if (!string.IsNullOrEmpty(endPoint))
             {
                 var tokenRequestUrl = $"{endPoint}?resource={requiredScope}&api-version=2019-08-01";