Hi all - I created a key vault with Pulumi in Azure and in order to get the tenant ID I have the following code

var clientConfig = Output.Create(GetClientConfig.InvokeAsync());
    var tenantID = clientConfig.Apply(x => //tenant ID: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    {
        var data = x.TenantId;
        return Output.Create(data);
    });

Then in my keyvault definition I say TenantId = tenantID When I run pulumi up I get the following error

error: Running program 'C:\Users\xxxx\Source\Repos\xxxxx\bin\Debug\netx.0\xxxx.dll' failed with an unhandled exception:
    Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:authorization:getClientConfig returned an error: getting authenticated object ID: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Continuous access evaluation resulted in claims challenge with result: InteractionRequired and code: LocationConditionEvaluationSatisfied")
       at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(ResourceInvokeRequest request)
       at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) x 2
       at async Task<T> Pulumi.Deployment.InvokeAsync<T>(string token, InvokeArgs args, InvokeOptions options, bool convertResult)
       at async Task<OutputData<T>> Pulumi.Output<T>+<>c__DisplayClass12_0.<Create>g__GetData|0(?)+GetData(?)
       at async Task<OutputData<U>> Pulumi.Output<T>.ApplyHelperAsync<U>(Task<OutputData<T>> dataTask, Func<T, Output<U>> func)

Well the main issue there looks to be azure specific. I'd guess your running with credentials that can't do that getClientConfig call directly, I don't know azure well enough to say why though. Second minor thing, you don't really need that Output.Create at the end of your Apply function. You should be able to return just data directly.