
[AKS] Use AAD auth by default for AKS addons #29422

Merged
VeryEarly merged 2 commits into main from nori/aks-useAADAuth on Apr 22, 2026

NoriZC commented Apr 20, 2026

Description

Fixing #29421

Mandatory Checklist

  • SHOULD update ChangeLog.md file(s) appropriately
    • Update src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.
      • A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header in the past tense.
    • Should not change ChangeLog.md if no new release is required, such as fixing test case only.
  • SHOULD regenerate markdown help files if there is cmdlet API change. Instruction
  • SHOULD have proper test coverage for changes in pull request.
  • SHOULD NOT adjust version of module manually in pull request

Copilot AI review requested due to automatic review settings April 20, 2026 04:30
@azure-client-tools-bot-prd

Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status.

Copilot AI left a comment

Pull request overview

Updates the AKS module’s Monitoring add-on enablement flow so that the resulting omsagent add-on profile opts into AAD-based authentication by default, aligning with newer Azure Monitor agent requirements.

Changes:

  • Set useAADAuth=true in the Monitoring (omsagent) add-on configuration when enabling Monitoring.
  • Added an Az.Aks changelog entry describing the behavior change.
  • Updated AKS scenario test to validate useAADAuth is present in the returned add-on config.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| src/Aks/Aks/Utils/AddonUtils.cs | Adds useAADAuth to the Monitoring add-on config map. |
| src/Aks/Aks/ChangeLog.md | Documents the default useAADAuth=true behavior for Monitoring enablement. |
| src/Aks/Aks.Test/ScenarioTests/KubernetesTests.ps1 | Adjusts cluster creation and asserts useAADAuth is set for omsagent. |
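
An added example, not part of this pull request or the Az.Aks code base: a PowerShell audit that reports whether an enabled Monitoring (omsagent) add-on profile carries `useAADAuth=true`. The function name `Get-OmsAgentAuthState` and the sample cluster object are constructed here; the `AddonProfiles[...]` shape with `Enabled` and `Config` follows the scenario test quoted in this review, and `Config` is assumed to be a string-to-string map.

```powershell
function Get-OmsAgentAuthState {
    param([Parameter(Mandatory)] $Cluster)

    $state = [pscustomobject]@{
        Cluster    = $Cluster.Name
        Monitoring = 'NotEnabled'
        UseAADAuth = $null
    }
    if (-not $Cluster.AddonProfiles) { return $state }

    # Match the add-on name case-insensitively instead of trusting the key's casing.
    $key = $Cluster.AddonProfiles.Keys |
        Where-Object { $_ -ieq 'omsagent' } | Select-Object -First 1
    if (-not $key) { return $state }

    $addon = $Cluster.AddonProfiles[$key]
    if (-not $addon.Enabled) { return $state }
    $state.Monitoring = 'Enabled'

    # Config values are strings; a missing useAADAuth key is reported as not opted in.
    $cfgKey = $null
    if ($addon.Config) {
        $cfgKey = $addon.Config.Keys |
            Where-Object { $_ -ieq 'useAADAuth' } | Select-Object -First 1
    }
    $state.UseAADAuth = if ($cfgKey) { "$($addon.Config[$cfgKey])" -ieq 'true' } else { $false }
    return $state
}

# Constructed sample: Monitoring enabled, but the profile has no useAADAuth entry.
$sample = [pscustomobject]@{
    Name          = 'demo-aks'
    AddonProfiles = @{
        omsagent = [pscustomobject]@{
            Enabled = $true
            Config  = @{ logAnalyticsWorkspaceResourceID = '<workspace-resource-id>' }
        }
    }
}
Get-OmsAgentAuthState -Cluster $sample   # Monitoring = Enabled, UseAADAuth = False

# Against real clusters (assumes Az.Aks is installed and Connect-AzAccount has run):
# Get-AzAksCluster | ForEach-Object { Get-OmsAgentAuthState -Cluster $_ } |
#     Where-Object { $_.Monitoring -eq 'Enabled' -and -not $_.UseAADAuth }
```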

Comment thread src/Aks/Aks/ChangeLog.md
Comment on lines +21 to +22
* Set `useAADAuth` to `true` by default in the omsagent addon profile when enabling the Monitoring addon via `Enable-AzAksAddOn` and `New-AzAksCluster`
- This ensures compatibility with the latest Azure Monitor agent which requires AAD authentication
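
Review bot: the second line states that the latest Azure Monitor agent "requires AAD authentication", but the entry does not say what happens to clusters where the Monitoring addon is already enabled, or whether a caller can still turn `useAADAuth` off. Add one sentence covering both cases so a user reading the changelog can tell whether the new default changes an existing deployment.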

Copilot AI Apr 20, 2026

Changelog entry uses the acronym "AAD" without expanding it. In ChangeLog.md entries, less-obvious acronyms should be explained on first use (e.g., "AAD (Azure Active Directory)") and the entry should focus on user impact (for example, clarifying how enabling the Monitoring add-on behavior changes for users).

Suggested change
* Set `useAADAuth` to `true` by default in the omsagent addon profile when enabling the Monitoring addon via `Enable-AzAksAddOn` and `New-AzAksCluster`
- This ensures compatibility with the latest Azure Monitor agent which requires AAD authentication
* Updated the Monitoring addon behavior in `Enable-AzAksAddOn` and `New-AzAksCluster` to set `useAADAuth` to `true` by default in the omsagent addon profile
- When you enable the Monitoring addon, Azure Active Directory authentication is now enabled by default for compatibility with the latest Azure Monitor agent

New-AzResourceGroup -Name $resourceGroupName -Location 'eastus'

$cluster = New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName -NodeVmSize $nodeVmSize
$cluster = New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName -NodeVmSize $nodeVmSize -GenerateSshKey
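
Review bot: the `-GenerateSshKey` switch added to the `New-AzAksCluster` call is not explained anywhere in the PR description or the changelog entry, which are both about `useAADAuth`. State in the description why the scenario test now needs it, or move it to a separate change, so the reason for touching SSH key handling in an authentication change is on record.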

Copilot AI Apr 20, 2026

Using -GenerateSshKey in this scenario test can make the test flaky and can have side effects on the build agent: New-AzAksCluster -GenerateSshKey writes to {HOME}/.ssh/id_rsa and throws if that file already exists. Prefer passing -SshKeyValue from a test-generated temporary key (or reusing an existing test key) so the test doesn’t depend on or modify the agent’s user profile.

Assert-AreEqual $false $cluster.AddonProfiles['azurepolicy'].Enabled

$cluster2 = New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName2 -NodeVmSize $nodeVmSize
$cluster2 = New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName2 -NodeVmSize $nodeVmSize -GenerateSshKey
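
Review bot: `$cluster2` is created with its own `-GenerateSshKey`, the same switch already added to the `$cluster` creation in these test changes. Create one key before the first call and pass it to both `New-AzAksCluster` calls, so the second creation does not depend on what the first one left on disk.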

Copilot AI Apr 20, 2026

Using -GenerateSshKey in this scenario test can make the test flaky and can have side effects on the build agent: New-AzAksCluster -GenerateSshKey writes to {HOME}/.ssh/id_rsa and throws if that file already exists. Prefer passing -SshKeyValue from a test-generated temporary key (or reusing an existing test key) so the test doesn’t depend on or modify the agent’s user profile.
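
One way to follow the suggestion in the two review comments above, as an added example that is not code from this pull request: generate a throwaway key pair in a temporary directory and pass only the public key through `-SshKeyValue`. It assumes `ssh-keygen` is on the PATH and that `$resourceGroupName`, `$kubeClusterName`, `$kubeClusterName2` and `$nodeVmSize` are already set as in the test; `New-TemporarySshPublicKey` is a hypothetical helper name.

```powershell
function New-TemporarySshPublicKey {
    # Work in a unique temp directory so nothing under the user's ~/.ssh is read or written.
    $dir = Join-Path ([System.IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
    New-Item -ItemType Directory -Path $dir | Out-Null
    try {
        $keyPath = Join-Path $dir 'id_rsa'

        # Only the public half is used, so the private key gets a random passphrase
        # that is never stored. This also avoids passing an empty string to a native
        # command, which older PowerShell versions drop from the argument list.
        $passphrase = [guid]::NewGuid().ToString()
        & ssh-keygen -q -t rsa -b 4096 -N $passphrase -C 'aks-scenario-test' -f $keyPath
        if ($LASTEXITCODE -ne 0) {
            throw "ssh-keygen failed with exit code $LASTEXITCODE"
        }

        return (Get-Content -Path "$keyPath.pub" -Raw).Trim()
    }
    finally {
        # Remove both key files even if key generation or the read failed.
        Remove-Item -Path $dir -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# One key for both clusters; the build agent's profile is left untouched.
$sshPublicKey = New-TemporarySshPublicKey

$cluster = New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName `
    -NodeVmSize $nodeVmSize -SshKeyValue $sshPublicKey

$cluster2 = New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName2 `
    -NodeVmSize $nodeVmSize -SshKeyValue $sshPublicKey
```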

@microsoft-github-policy-service

🔔 Routing this PR to @act-observability-squad.

NoriZC assigned VeryEarly and unassigned NoriZC Apr 22, 2026
VeryEarly merged commit 405f8f1 into main Apr 22, 2026
12 checks passed
VeryEarly deleted the nori/aks-useAADAuth branch April 22, 2026 07:38
NoriZC added this to the Az 15.6.0 (05/05/2026) milestone Apr 23, 2026