How to connect to an Azure account using PowerShell?

June 24, 2022December 29, 2023 Chirag Nagrekar

Hello Folks,

People are working on Azure Know how they connect to the Azure cloud from the portal (https://portal.azure.com) but programmatically there are several methods we can log in to Azure like .Net, Python, PowerShell, Java, etc. MS is so flexible that you can log in to Azure using almost all the programming languages.

In this article, we are going to cover how you can log in using PowerShell to the Azure cloud and how you can connect to an Azure subscription and consumes resources.

Pre-Requisite:

PowerShell session should have the Az.Accounts module loaded because it needs for running commands related to the Azure connection. If not installed then install it from the PowerShell gallery.

https://www.powershellgallery.com/packages/Az.Accounts

However, you may need additional Azure modules when you start writing scripts. You can use the Az module for the whole package if you don’t need the individual module to install.

Connection methods:

Portal redirection.
Using the Device code.
Service Principal Name (SPN)
Certificate

1) Azure Portal Redirection

Once you have installed the Az.Accounts module, you can directly run Connect-AzAccount from the PowerShell console and it will redirect you to the browser for the Azure authentication.

This method people generally prefer when they have cached login in the browser so they don’t need to enter credentials again.

2) DeviceCode authentication

You can also log in with the device code, the 9-digit (mostly) code is generated to enter what you need to enter in the URL (https://microsoft.com/devicelogin).

To log in with the device code, you need to provide the –useDeviceAuthentication parameter with the Connect-AzAccount command, and you will get the code in the console as shown below.

Connect-AzAccount -useDeviceAuthentication

Using Device Code

Enter this code to https://microsoft.com/devicelogin website and you will see the form to enter the code.

Once you enter the code and if your browser is already authenticated with the Azure portal then just entering the device code works otherwise you need to login to the Azure portal first.

3) Using Credentials

You can provide Azure Account credentials directly to the command line using the -Credential parameter in the Connect-AzAccount command but this method won’t work if you have the multi-factor authentication in place for your organization.

$creds = Get-Credential
Connect-AzAccount -Credential $creds -TenantId XXXX-XXXXXX-XXXXX-XXX

For multi-factor authentication, you might receive an error as shown below.

Multi-Factor authentication error.

This is a simple way of authentication that you can use the same credentials during the script whenever applied but only for the single-factor authentication.

4) Using Service Principal Name (SPN).

To authenticate the Azure account with SPN, you first need to create SPN. Two methods are shown below on how to create SPN using Azure Portal and Powershell.

Azure Portal – https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
Azure PowerShell – https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-authenticate-service-principal-powershell

Once the SPN is created, get the Application ID and secret from the Azure Portal (Azure Active Directory -> App Registrations -> Your AppName) and you will find AppID and Client credentials (Secret) there.

Enter the code below.

$creds = Get-Credential
Connect-AzAccount -TenantId "xxxx-xxxx-xxx-xxxx" -Credential $creds -ServicePrincipal

In the Get-Credential command, enter ApplicationId as the username and Secret as the Password.

or you can pass the credentials, as shown below.

$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecuredPassword

There is another method to log in with a certificate, but it is a whole different topic. We will cover a separate topic for it.

Conclusion

The above methods mentioned are for login interactively and with SPN. The latter method can be used when there is no user interaction required to log in to the Azure account automatically and run the script. For example, runbook or Azure Pipelines.