Python: Removed usage of DefaultAzureCredential (#12964)

### Motivation and Context

<!-- Thank you for your contribution to the semantic-kernel repo!
Please help reviewers and future users, providing the following
information:
  1. Why is this change required?
  2. What problem does it solve?
  3. What scenario does it contribute to?
  4. If it fixes an open issue, please link to the issue here.
-->

The usage of `DefaultAzureCredential` by default is unsafe and raises
security issues. Instead, users should provide their own credential
types such as `AzureCliCredential`, `ManagedIdentityCredential` and so
on. More information here:

https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.aio?view=azure-python

In this PR:
1. Removed the usage of `DefaultAzureCredential` from authentication
logic.
2. Replaced `DefaultAzureCredential` with `AzureCliCredential` in all
examples.

**Note**: this is breaking change for Azure users, who relies on
`DefaultAzureCredential`. Users will need to update the code and pass
the credential type of their choice by using `credential` parameter when
initializing one of the Azure clients.

Before:
```python
chat_completion = AzureChatCompletion()
```

After:
```python
chat_completion = AzureChatCompletion(credential=AzureCliCredential())
```

### Contribution Checklist

<!-- Before submitting this PR, please make sure: -->

- [x] The code builds clean without any errors or warnings
- [x] The PR follows the [SK Contribution
Guidelines](https://github.com/microsoft/semantic-kernel/blob/main/CONTRIBUTING.md)
and the [pre-submission formatting
script](https://github.com/microsoft/semantic-kernel/blob/main/CONTRIBUTING.md#development-scripts)
raises no violations
- [x] All unit tests pass, and I have added new tests where possible
- [ ] I didn't break anyone 😄

Author: dmytrostruk

python/samples/concepts/README.md

@@ -265,9 +265,15 @@ In Semantic Kernel for Python, we leverage Pydantic Settings to manage configura
 3. **Direct Constructor Input:**
    - As an alternative to environment variables and `.env` files, you can pass the required settings directly through the constructor of the AI Connector or Memory Connector.
 
-## Microsoft Entra Token Authentication
+## Azure Authentication
 
-To authenticate to your Azure resources using a Microsoft Entra Authentication Token, the `AzureChatCompletion` AI Service connector now supports this as a built-in feature. If you do not provide an API key -- either through an environment variable, a `.env` file, or the constructor -- and you also do not provide a custom `AsyncAzureOpenAI` client, an `ad_token`, or an `ad_token_provider`, the `AzureChatCompletion` connector will attempt to retrieve a token using the [`DefaultAzureCredential`](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python).
+To authenticate to your Azure resources, you must provide one of the following authentication methods to successfully authenticate:
+
+1. **AsyncTokenCredential** - provide one of the `AsyncTokenCredential` types (e.g. `AzureCliCredential`, `ManagedIdentityCredential`). More information here: [Credentials for asynchronous Azure SDK clients]("https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.aio?view=azure-python").
+2. **Custom AsyncAzureOpenAI client** - Pass a pre-configured client instance.
+3. **Access Token (`ad_token`)** - Provide a valid Microsoft Entra access token directly.
+4. **Token Provider (`ad_token_provider`)** - Provide a callable that returns a valid access token.
+5. **API Key** - Provide through an environment variable, a `.env` file, or the constructor.
 
 To successfully retrieve and use the Entra Auth Token, you need the `Cognitive Services OpenAI Contributor` role assigned to your Azure OpenAI resource. By default, the `https://cognitiveservices.azure.com` token endpoint is used. You can override this endpoint by setting an environment variable `.env` variable as `AZURE_OPENAI_TOKEN_ENDPOINT` or by passing a new value to the `AzureChatCompletion` constructor as part of the `AzureOpenAISettings`.
 

python/samples/concepts/agents/azure_ai_agent/azure_ai_agent_as_kernel_function.py

@@ -2,7 +2,7 @@
 
 import asyncio
 
-from azure.identity.aio import DefaultAzureCredential
+from azure.identity import AzureCliCredential
 
 from semantic_kernel import Kernel
 from semantic_kernel.agents import (
@@ -69,9 +69,10 @@ async def main() -> None:
 
     ai_agent_settings = AzureAIAgentSettings()
 
+    credential = AzureCliCredential()
+
     async with (
-        DefaultAzureCredential() as creds,
-        AzureAIAgent.create_client(credential=creds, endpoint=ai_agent_settings.endpoint) as client,
+        AzureAIAgent.create_client(credential=credential, endpoint=ai_agent_settings.endpoint) as client,
     ):
         # Create the agent definition
         agent_definition = await client.agents.create_agent(
@@ -93,7 +94,7 @@ async def main() -> None:
         )
 
         refund_agent = ChatCompletionAgent(
-            service=AzureChatCompletion(),
+            service=AzureChatCompletion(credential=credential),
             name="RefundAgent",
             instructions=(
                 "You specialize in addressing customer inquiries regarding refunds. "
@@ -106,7 +107,7 @@ async def main() -> None:
         )
 
         triage_agent = ChatCompletionAgent(
-            service=AzureChatCompletion(),
+            service=AzureChatCompletion(credential=credential),
             kernel=kernel,
             name="TriageAgent",
             instructions=(

python/samples/concepts/agents/azure_ai_agent/azure_ai_agent_auto_func_invocation_filter.py

@@ -3,7 +3,7 @@
 import asyncio
 from typing import Annotated
 
-from azure.identity.aio import DefaultAzureCredential
+from azure.identity.aio import AzureCliCredential
 
 from semantic_kernel.agents import AzureAIAgent, AzureAIAgentSettings, AzureAIAgentThread
 from semantic_kernel.contents import ChatMessageContent, FunctionCallContent, FunctionResultContent
@@ -97,7 +97,7 @@ async def main() -> None:
     ai_agent_settings = AzureAIAgentSettings.create()
 
     async with (
-        DefaultAzureCredential() as creds,
+        AzureCliCredential() as creds,
         AzureAIAgent.create_client(credential=creds) as client,
     ):
         # 1. Create an agent on the Azure AI agent service

python/samples/concepts/agents/azure_ai_agent/azure_ai_agent_auto_func_invocation_filter_streaming.py

@@ -3,7 +3,7 @@
 import asyncio
 from typing import Annotated
 
-from azure.identity.aio import DefaultAzureCredential
+from azure.identity.aio import AzureCliCredential
 
 from semantic_kernel.agents import AzureAIAgent, AzureAIAgentSettings, AzureAIAgentThread
 from semantic_kernel.contents import ChatMessageContent, FunctionCallContent, FunctionResultContent
@@ -97,7 +97,7 @@ async def main() -> None:
     ai_agent_settings = AzureAIAgentSettings.create()
 
     async with (
-        DefaultAzureCredential() as creds,
+        AzureCliCredential() as creds,
         AzureAIAgent.create_client(credential=creds) as client,
     ):
         # 1. Create an agent on the Azure AI agent service

python/samples/concepts/agents/azure_ai_agent/azure_ai_agent_azure_ai_search.py

@@ -5,7 +5,7 @@
 
 from azure.ai.agents.models import AzureAISearchTool
 from azure.ai.projects.models import ConnectionType
-from azure.identity.aio import DefaultAzureCredential
+from azure.identity.aio import AzureCliCredential
 
 from semantic_kernel.agents import AzureAIAgent, AzureAIAgentSettings, AzureAIAgentThread
 
@@ -39,7 +39,7 @@ async def main() -> None:
     ai_agent_settings = AzureAIAgentSettings()
 
     async with (
-        DefaultAzureCredential() as creds,
+        AzureCliCredential() as creds,
         AzureAIAgent.create_client(credential=creds, endpoint=ai_agent_settings.endpoint) as client,
     ):
         ai_search_conn_id = ""

python/samples/concepts/agents/azure_ai_agent/azure_ai_agent_bing_grounding.py

@@ -3,7 +3,7 @@
 import asyncio
 
 from azure.ai.agents.models import BingGroundingTool
-from azure.identity.aio import DefaultAzureCredential
+from azure.identity.aio import AzureCliCredential
 
 from semantic_kernel.agents import AzureAIAgent, AzureAIAgentSettings, AzureAIAgentThread
 from semantic_kernel.contents import (
@@ -37,7 +37,7 @@ async def handle_intermediate_steps(message: ChatMessageContent) -> None:
 
 async def main() -> None:
     async with (
-        DefaultAzureCredential() as creds,
+        AzureCliCredential() as creds,
         AzureAIAgent.create_client(credential=creds) as client,
     ):
         # 1. Enter your Bing Grounding Connection Name

python/samples/concepts/agents/azure_ai_agent/azure_ai_agent_bing_grounding_streaming_with_message_callback.py

@@ -3,7 +3,7 @@
 import asyncio
 
 from azure.ai.agents.models import BingGroundingTool
-from azure.identity.aio import DefaultAzureCredential
+from azure.identity.aio import AzureCliCredential
 
 from semantic_kernel.agents import AzureAIAgent, AzureAIAgentSettings, AzureAIAgentThread
 from semantic_kernel.contents import (
@@ -42,7 +42,7 @@ async def handle_streaming_intermediate_steps(message: ChatMessageContent) -> No
 
 async def main() -> None:
     async with (
-        DefaultAzureCredential() as creds,
+        AzureCliCredential() as creds,
         AzureAIAgent.create_client(credential=creds) as client,
     ):
         # 1. Enter your Bing Grounding Connection Name

python/samples/concepts/agents/azure_ai_agent/azure_ai_agent_code_interpreter_streaming_with_message_callback.py

@@ -4,7 +4,7 @@
 from functools import reduce
 
 from azure.ai.agents.models import CodeInterpreterTool
-from azure.identity.aio import DefaultAzureCredential
+from azure.identity.aio import AzureCliCredential
 
 from semantic_kernel.agents import AzureAIAgent, AzureAIAgentSettings, AzureAIAgentThread
 from semantic_kernel.contents import ChatMessageContent, StreamingChatMessageContent
@@ -27,7 +27,7 @@ async def handle_streaming_intermediate_steps(message: ChatMessageContent) -> No
 
 async def main() -> None:
     async with (
-        DefaultAzureCredential() as creds,
+        AzureCliCredential() as creds,
         AzureAIAgent.create_client(credential=creds) as client,
     ):
         # 1. Create an agent with a code interpreter on the Azure AI agent service

python/samples/concepts/agents/azure_ai_agent/azure_ai_agent_declarative_azure_ai_search.py

@@ -2,7 +2,7 @@
 
 import asyncio
 
-from azure.identity.aio import DefaultAzureCredential
+from azure.identity.aio import AzureCliCredential
 
 from semantic_kernel.agents import AgentRegistry, AzureAIAgent, AzureAIAgentSettings
 from semantic_kernel.contents.chat_message_content import ChatMessageContent
@@ -50,7 +50,7 @@
 
 async def main():
     async with (
-        DefaultAzureCredential() as creds,
+        AzureCliCredential() as creds,
         AzureAIAgent.create_client(credential=creds) as client,
     ):
         try:

python/samples/concepts/agents/azure_ai_agent/azure_ai_agent_declarative_bing_grounding.py

@@ -2,7 +2,7 @@
 
 import asyncio
 
-from azure.identity.aio import DefaultAzureCredential
+from azure.identity.aio import AzureCliCredential
 
 from semantic_kernel.agents import AgentRegistry, AzureAIAgent, AzureAIAgentSettings
 
@@ -43,7 +43,7 @@
 
 async def main():
     async with (
-        DefaultAzureCredential() as creds,
+        AzureCliCredential() as creds,
         AzureAIAgent.create_client(credential=creds) as client,
     ):
         try: