Question: Can this be used to obtain a BPRT for AzureAD join?
dkattan opened this issue · comments
The only supported way to programmatically join a device to AzureAD is to apply a provisioning profile .ppkg file generated from the Windows Imaging Configuration Designer.
I know you are primarily interested in BrowserCore.exe, but since you are all geared up for sniffing named pipes and finding other opportunities to retrieve refresh tokens, I figure you may want to have a look at icd.exe, since it obtains a refresh token using a different built-in exe.
If it helps, it appears that Windows Configuration Designer spawns Microsoft.AAD.BrokerPlugin.exe to generate this token.
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe -ServerName:App.AppXgvz9wxd0frjs1prgz5kvtcz083996jyv.mca