How can I migrate from Azure Automation State Configuration to Azure Machine Configuration while key features such as reboot handling and using credentials in DSC configuration blocks remain unsupported?
I currently use Azure Automation State Configuration to deploy DSC configurations to resources in-cloud, using the ActiveDirectoryDsc and DFSDsc modules (amongst others).
We received a notification that it will be retired on September 30, 2027, and that we should transition to Azure Machine Configuration (which uses DSC 2.0) by that date.
Looking through the transition documents, there are a number of key features removed from DSC 2.0 (and therefore Azure Machine Configuration - see links in brackets below):
- Cross-system dependencies
- Rebooting behaviour ('reboot handling isn't available in the public preview release - configurations aren't able to reboot a node during or at the end of a configuration')
- Adding parameters to DSC Configuration blocks
- Using flow control statements in DSC Configuration blocks
- Using credentials in DSC Configuration blocks ('Secrets management hasn't yet been implemented for machine configuration', 'the RunAsCredential property... has no effect when used with DSC v2.0 and later. The PsDscRunAsCredential property is only supported in DSC v1.1 and earlier.')
- Using the ConfigurationData parameter with a DSC Configuration
- Using the Node keyword in a DSC configuration
- Using composite DSC configurations
At present, our DSC configurations use most of these:
- Parameters, flow control statements, ConfigurationData, Node keyword, and composite DSC configurations to compile each of our MOF files
- Managing reboots with ComputerManagementDsc's PendingReboot.
- Using credentials in DSC Configuration blocks - these are essential and required for certain commonly used resources:
  - For example, within the ActiveDirectoryDsc module for managing Active Directory, the ADDomain, ADDomainController, ADReadOnlyDomainControllerAccount, ADOptionalFeature, WaitForADDomain and ADUser resources all need credentials supplied (for creating new domains, domain controllers, RODC accounts, enabling Recycle Bin, and creating AD users).
  - Within DFSDsc, DFSNamespaceRoot, DFSReplicationGroupMember, DFSReplicationGroupMembership, and DFSReplicationGroupConnection all require PSDSCRunAsCredential to apply configurations successfully.
  - Within SqlServerDsc, SQLScriptQuery needs a credential supplied to apply configurations successfully.
How do we migrate to Azure Machine Configuration in this situation? In particular, how can we:
- Generate MOF files if our configurations currently contain parameters, flow control statements, ConfigurationData, Node keywords, and composite configurations (this is quite a lot of things to lose)
- Manage reboots? (The documentation says reboot handling 'isn't available in the public preview release' - is it something we can expect Azure Machine Configuration to handle in advance of the predecessor's retirement on September 30, 2027?)
- Use credentials in configuration blocks / do secrets management (again documentation says 'secrets management hasn't yet been implemented for machine configuration' - when is this being implemented?)
I cannot see how you can retire the existing service when the alternative you supply does not support these key pieces of functionality (such as the ability to create and deploy an on-premises domain controller?)