fix(notification): default azure credential usage

[tecton]

Pull Request

Description

Fix the usage of DefaultAzureCredential

Type of Change

• New sample onboarding (internal - source code in this repo)
• New sample onboarding (external - source code in another repo)
• Sample update/fix
• Documentation update
• Validation tool update
• Other (please describe)

---

For New Sample Onboarding

Checklist

• I have added/updated the sample entry in .config/samples-config-v3.json
• I have included a README.md with setup instructions
• I have included a thumbnail image with correct aspect ratio (40:23, e.g., 1600×920 or 800×460)

Validation Results (Required)

Important: You must run the validation tool locally and provide a screenshot of the results.

For Internal Samples (source code in this repo)

cd validation-tool
npm install
node validator.mjs -p ../<your-sample-folder>

For External Samples (source code in another repo)

cd validation-tool
npm install

# Clone your sample repo (sparse checkout recommended)
git clone --filter=blob:none --sparse <your-repo-url>
cd <repo-name>
git sparse-checkout set <path-to-sample>
cd ..

# Run validation
node validate-external.js <sample-id> ./<repo-name>

---

Related Issues

if any question related to validation, may refer to the Sample Validation Guide
if still has questions, may open a issue :)

[Copilot]

Pull request overview

This PR updates the sample’s Azure Identity authentication approach, aiming to fix how managed identity credentials are created and used across the notification workflow.

Changes:

• Replaced DefaultAzureCredential with ManagedIdentityCredential for Table Storage and Service Bus access in the Azure Functions code.
• Updated @azure/identity dependency version.
• Adjusted the mock installation data script and README instructions related to credentials.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
large-scale-notification/src/internal/tableStore.ts	Switches Table Storage auth to ManagedIdentityCredential and reformats calls.
large-scale-notification/src/functions/durableFunctionHttpTrigger.ts	Uses ManagedIdentityCredential when creating the Service Bus admin client.
large-scale-notification/src/functions/enqueueTasksForInstallationsActivity.ts	Uses ManagedIdentityCredential for Service Bus clients; formatting tweaks.
large-scale-notification/src/functions/waitSendingFinishActivity.ts	Uses ManagedIdentityCredential for Service Bus admin client; formatting tweaks.
large-scale-notification/script/mockInstallationData.ts	Changes how DefaultAzureCredential is constructed for the script.
large-scale-notification/package.json	Bumps @azure/identity version.
large-scale-notification/README.md	Updates instructions for running the mock installation script.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

allowInsecureConnection: true allows plain HTTP connections to Table Storage endpoints, which is unsafe for deployed environments and can enable credential/token exposure. Prefer omitting this option (default secure behavior) or gating it behind an explicit local/emulator flag while keeping production URLs HTTPS-only.

[Copilot]

DefaultAzureCredential options don’t appear to use a requiredEnvVars property, and AZURE_TOKEN_CREDENTIALS isn’t referenced elsewhere in this repo. As written, this likely has no effect (or fails type-checking under ts-node) and makes authentication behavior unclear; consider reverting to new DefaultAzureCredential() or using a specific credential type (e.g., Azure CLI/service principal) and documenting the expected env vars.

Suggested change

	const credential = new DefaultAzureCredential({
	requiredEnvVars: ["AZURE_TOKEN_CREDENTIALS"],
	});
	const credential = new DefaultAzureCredential();

[Copilot]

The README now instructs setting AZURE_TOKEN_CREDENTIALS=dev, but this environment variable isn’t part of the standard Azure Identity configuration and isn’t used anywhere except being listed in the script’s DefaultAzureCredential options. Please update these instructions to reflect an actual supported auth flow (e.g., Azure CLI login or AZURE_TENANT_ID/AZURE_CLIENT_ID/AZURE_CLIENT_SECRET) or remove the requirement if it’s not needed.

Suggested change

	2. Please ensure you are logged into the Azure account used for deploying the app and set environment variable `AZURE_TOKEN_CREDENTIALS` to `dev`.
	2. Ensure you are authenticated to the Azure account used for deploying the app (for example, by running `az login` so that `DefaultAzureCredential` can use your Azure CLI credentials).

[tecton]

@copilot check https://learn.microsoft.com/en-us/azure/developer/javascript/sdk/authentication/credential-chains#how-to-customize-defaultazurecredential

[Copilot]

@tecton I've opened a new pull request, #1605, to work on those changes. Once the pull request is ready, I'll request review from you.