Update mi test mi for region lock sfi (#5538)

* Update managed identity references to new MI

- Replace old MI client ID (3b57c42c-3201-4295-ae27-d6baec5b7027) with new MI (45344e7d-c562-4be6-868f-18dac789c021)
- Replace old MI object ID (9fc6a41b-e161-43ba-90ba-12f172141c23) with new MI (a38637b6-b365-4652-af1f-cf5d8cf829ad)
- Update resource ID from MSAL_MSI_USERID to Msal_Integration_tests
- Update location from East US 2 to East US
- Update readme.md documentation with new MI details and Azure portal links
- All tests passing with new managed identity configuration

* Consolidate Key Vault UAMI into main UAMI

- Remove separate LabVaultAccessUserAssignedClientID (4b7a4b0b-ecb2-409e-879a-1e21a15ddaf6)
- Update AcquireMsiToken_ExchangeForEstsToken_Successfully test to use consolidated UAMI
- Use single UserAssignedClientID (45344e7d-c562-4be6-868f-18dac789c021) for both MSI and Key Vault access
- Add documentation comments explaining the consolidation

Note: Token exchange test requires federated identity credential in RequestMSIDLAB app registration

* Fix E2E IMDS tests to use ID4SMSIHostedAgent pool's managed identity

- Update ManagedIdentityImdsTests.cs to use ID4SMSIHostedAgent_UAMI
- Client ID: 8ef2ae5a-f349-4d36-bc0e-a567f2cc50f7
- Object ID: 0651a6fc-fbf5-4904-9e48-16f63ec1f2b1
- Resource ID: /subscriptions/6f52c299-a200-4fe1-8822-a3b61cf1f931/resourcegroups/DevOpsHostedAgents/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID4SMSIHostedAgent_UAMI
- Fixes pool access issues where E2E tests couldn't access the consolidated MI

* Update resource IDs to use original branch values

- Changed resource ID from main branch back to original branch values
- Updated subscription ID: c1686c51-b717-4fe0-9af3-24a20a41fb0c -> 6f52c299-a200-4fe1-8822-a3b61cf1f931
- Updated resource group: MSAL_MSI -> DevOpsHostedAgents
- Updated identity name: LabVaultAccess_UAMI -> ID4SMSIHostedAgent_UAMI
- Ensures both client ID and resource ID fixes from original branch are preserved

* Fix Object ID for new managed identity

- Updated Object ID from 1eee55b7-168a-46be-8d19-30e830ee9611 to 0651a6fc-fbf5-4904-9e48-16f63ec1f2b1
- Now all three test variants (ClientId, ResourceId, ObjectId) reference the same ID4SMSIHostedAgent_UAMI managed identity
- Object ID matches the Principal ID of the created managed identity

Author: RyAuld

tests/Microsoft.Identity.Test.E2e/ManagedIdentityImdsTests.cs

@@ -39,10 +39,10 @@ private static IManagedIdentityApplication BuildMi(
         [TestCategory("MI_E2E_Imds")]
         [DataTestMethod]
         [DataRow(null /*SAMI*/, null, DisplayName = "AcquireToken_OnImds_Succeeds-SAMI")]
-        [DataRow("4b7a4b0b-ecb2-409e-879a-1e21a15ddaf6", "clientid", DisplayName = "AcquireToken_OnImds_Succeeds-UAMI-ClientId")]
-        [DataRow("/subscriptions/c1686c51-b717-4fe0-9af3-24a20a41fb0c/resourcegroups/MSAL_MSI/providers/Microsoft.ManagedIdentity/userAssignedIdentities/LabVaultAccess_UAMI",
+        [DataRow("8ef2ae5a-f349-4d36-bc0e-a567f2cc50f7", "clientid", DisplayName = "AcquireToken_OnImds_Succeeds-UAMI-ClientId")]
+        [DataRow("/subscriptions/6f52c299-a200-4fe1-8822-a3b61cf1f931/resourcegroups/DevOpsHostedAgents/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID4SMSIHostedAgent_UAMI",
          "resourceid", DisplayName = "AcquireToken_OnImds_Succeeds-UAMI-ResourceId")]
-        [DataRow("1eee55b7-168a-46be-8d19-30e830ee9611", "objectid", DisplayName = "AcquireToken_OnImds_Succeeds-UAMI-ObjectId")]
+        [DataRow("0651a6fc-fbf5-4904-9e48-16f63ec1f2b1", "objectid", DisplayName = "AcquireToken_OnImds_Succeeds-UAMI-ObjectId")]
         public async Task AcquireToken_OnImds_Succeeds(string id, string idType)
         {
             var mi = BuildMi(id, idType);
@@ -69,10 +69,10 @@ public async Task AcquireToken_OnImds_Succeeds(string id, string idType)
         [TestCategory("MI_E2E_Imds")]
         [DataTestMethod]
         [DataRow(null /*SAMI*/, null, DisplayName = "AcquireToken_OnImds_Fails_WithMtlsProofOfPossession-SAMI")]
-        [DataRow("4b7a4b0b-ecb2-409e-879a-1e21a15ddaf6", "clientid", DisplayName = "AcquireToken_OnImds_Fails_WithMtlsProofOfPossession-UAMI-ClientId")]
-        [DataRow("/subscriptions/c1686c51-b717-4fe0-9af3-24a20a41fb0c/resourcegroups/MSAL_MSI/providers/Microsoft.ManagedIdentity/userAssignedIdentities/LabVaultAccess_UAMI",
+        [DataRow("8ef2ae5a-f349-4d36-bc0e-a567f2cc50f7", "clientid", DisplayName = "AcquireToken_OnImds_Fails_WithMtlsProofOfPossession-UAMI-ClientId")]
+        [DataRow("/subscriptions/6f52c299-a200-4fe1-8822-a3b61cf1f931/resourcegroups/DevOpsHostedAgents/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID4SMSIHostedAgent_UAMI",
          "resourceid", DisplayName = "AcquireToken_OnImds_Fails_WithMtlsProofOfPossession-UAMI-ResourceId")]
-        [DataRow("1eee55b7-168a-46be-8d19-30e830ee9611", "objectid", DisplayName = "AcquireToken_OnImds_Fails_WithMtlsProofOfPossession-UAMI-ObjectId")]
+        [DataRow("0651a6fc-fbf5-4904-9e48-16f63ec1f2b1", "objectid", DisplayName = "AcquireToken_OnImds_Fails_WithMtlsProofOfPossession-UAMI-ObjectId")]
         public async Task AcquireToken_OnImds_Fails_WithMtlsProofOfPossession(string id, string idType)
         {
             var mi = BuildMi(id, idType);

tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ManagedIdentityTests.NetFwk.cs

@@ -36,14 +36,13 @@ public class ManagedIdentityTests
         //http proxy base URL 
         private static readonly string s_baseURL = "https://service.msidlab.com/";
 
-        //Shared User Assigned Client ID
-        private const string UserAssignedClientID = "3b57c42c-3201-4295-ae27-d6baec5b7027";
+        //Shared User Assigned Client ID - Consolidated UAMI for both MSI endpoints and Key Vault access
+        private const string UserAssignedClientID = "45344e7d-c562-4be6-868f-18dac789c021";
 
+        //Lab Access Client ID for certificate-based authentication to lab resources
         private const string LabAccessClientID = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9";
 
-        private const string LabVaultAccessUserAssignedClientID = "4b7a4b0b-ecb2-409e-879a-1e21a15ddaf6";
-
-        private const string UserAssignedObjectID = "9fc6a41b-e161-43ba-90ba-12f172141c23";
+        private const string UserAssignedObjectID = "a38637b6-b365-4652-af1f-cf5d8cf829ad";
 
         //Non Existent User Assigned Client/Object ID 
         private const string SomeRandomGuid = "f07359bb-f4f6-4e3c-ba9f-ccdf48eb80ce";
@@ -55,7 +54,7 @@ public class ManagedIdentityTests
         //Resource ID of the User Assigned Identity 
         private const string UamiResourceId = "/subscriptions/c1686c51-b717-4fe0-9af3-24a20a41fb0c/" +
             "resourcegroups/MSAL_MSI/providers/Microsoft.ManagedIdentity/userAssignedIdentities/" +
-            "MSAL_MSI_USERID";
+            "Msal_Integration_tests";
 
         //non existent Resource ID of the User Assigned Identity 
         private const string Non_Existent_UamiResourceId = "/subscriptions/userAssignedIdentities/NO_ID";
@@ -191,8 +190,8 @@ public async Task AcquireMsiToken_ExchangeForEstsToken_Successfully()
                 string uri = s_baseURL + $"MSIToken?" +
                     $"azureresource={MsiAzureResource.WebApp}&uri=";
 
-                //Create CCA with Proxy
-                IManagedIdentityApplication mia = CreateMIAWithProxy(uri, LabVaultAccessUserAssignedClientID, UserAssignedIdentityId.ClientId);
+                //Create CCA with Proxy - using the consolidated UAMI for both MSI and Key Vault access
+                IManagedIdentityApplication mia = CreateMIAWithProxy(uri, UserAssignedClientID, UserAssignedIdentityId.ClientId);
 
                 AuthenticationResult result;
                 //Act

tests/devapps/Managed Identity apps/MSIHelperService/readme.md

@@ -186,7 +186,7 @@ Build the current project (The MSI Helper Service - MSIHelperService.csproj) and
 
 ## User Assigned Identity
 
-This helper service also exposes the [User Identity](https://ms.portal.azure.com/#@microsoft.onmicrosoft.com/resource/subscriptions/c1686c51-b717-4fe0-9af3-24a20a41fb0c/resourceGroups/MSAL_MSI/providers/Microsoft.ManagedIdentity/userAssignedIdentities/MSAL_MSI_USERID/overview) for testing. 
+This helper service also exposes the [User Identity](https://ms.portal.azure.com/#@microsoft.onmicrosoft.com/resource/subscriptions/c1686c51-b717-4fe0-9af3-24a20a41fb0c/resourceGroups/MSAL_MSI/providers/Microsoft.ManagedIdentity/userAssignedIdentities/Msal_Integration_tests/overview) for testing. 
 
 <br>
 <img src="images/uid.PNG" alt="uid" width="800"/>
@@ -197,13 +197,13 @@ Following are some useful information to test the User Identity.
 
 | Syntax      | Description |
 | ----------- | ----------- |
-| Resource ID      | /subscriptions/c1686c51-b717-4fe0-9af3-24a20a41fb0c/resourcegroups/MSAL_MSI/providers/Microsoft.ManagedIdentity/userAssignedIdentities/MSAL_MSI_USERID       |
-| Name   | MSAL_MSI_USERID        |
+| Resource ID      | /subscriptions/c1686c51-b717-4fe0-9af3-24a20a41fb0c/resourcegroups/MSAL_MSI/providers/Microsoft.ManagedIdentity/userAssignedIdentities/Msal_Integration_tests       |
+| Name   | Msal_Integration_tests        |
 | Type      | Microsoft.ManagedIdentity/userAssignedIdentities       |
-| Location   | eastus2        |
+| Location   | eastus        |
 | Tenant Id      | 72f988bf-86f1-41af-91ab-2d7cd011db47       |
-| Principal Id   | 3b57c42c-3201-4295-ae27-d6baec5b7027        |
-| Client Id      | 3b57c42c-3201-4295-ae27-d6baec5b7027       |
+| Principal Id   | a38637b6-b365-4652-af1f-cf5d8cf829ad        |
+| Client Id      | 45344e7d-c562-4be6-868f-18dac789c021       |
 
 # Troubleshooting the test service