Connect-AzureRmAccount

Connect to Azure with an authenticated account for use with Azure Resource Manager cmdlet requests.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

Connect-AzureRmAccount
       [-Environment <String>]
       [[-Credential] <PSCredential>]
       [-TenantId <String>]
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzureRmAccount
       [-Environment <String>]
       [-Credential] <PSCredential>
       [-ServicePrincipal]
       -TenantId <String>
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzureRmAccount
       [-Environment <String>]
       -CertificateThumbprint <String>
       -ApplicationId <String>
       [-ServicePrincipal]
       -TenantId <String>
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzureRmAccount
       [-Environment <String>]
       [-TenantId <String>]
       -AccessToken <String>
       [-GraphAccessToken <String>]
       [-KeyVaultAccessToken <String>]
       -AccountId <String>
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipValidation]
       [-SkipContextPopulation]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzureRmAccount
       [-Environment <String>]
       [-TenantId <String>]
       [-AccountId <String>]
       [-Identity]
       [-ManagedServicePort <Int32>]
       [-ManagedServiceHostName <String>]
       [-ManagedServiceSecret <SecureString>]
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Description

The Connect-AzureRmAccount cmdlet connects to Azure with an authenticated account for use with Azure Resource Manager cmdlet requests. You can use this authenticated account only with Azure Resource Manager cmdlets. To add an authenticated account for use with Service Management cmdlets, use the Add-AzureAccount or the Import-AzurePublishSettingsFile cmdlet. If no context is found for the current user, this command will populate the user's context list with a context for each of their (first 25) subscriptions. The list of contexts created for the user can be found by running "Get-AzureRmContext -ListAvailable". To skip this context population, you can run this command with the "-SkipContextPopulation" switch parameter. After executing this cmdlet, you can disconnect from an Azure account using Disconnect-AzureRmAccount.

Examples

Example 1: Use an interactive login to connect to an Azure account

PS C:\> Connect-AzureRmAccount

Account                SubscriptionName TenantId                Environment
-------                ---------------- --------                -----------
azureuser@contoso.com  Subscription1    xxxx-xxxx-xxxx-xxxx     AzureCloud

This command connects to an Azure account. To run Azure Resource Manager cmdlets with this account, you must provide Microsoft account or organizational ID credentials at the prompt. If multi-factor authentication is enabled for your credentials, you must log in using the interactive option or use service principal authentication.

Example 2: Connect to an Azure account using organizational ID credentials

PS C:\> $Credential = Get-Credential
PS C:\> Connect-AzureRmAccount -Credential $Credential

Account                SubscriptionName TenantId                Environment
-------                ---------------- --------                -----------
azureuser@contoso.com  Subscription1    xxxx-xxxx-xxxx-xxxx     AzureCloud

The first command will prompt for user credentials (username and password), and then stores them in the $Credential variable. The second command connects to an Azure account using the credentials stored in $Credential. This account authenticates with Azure Resource Manager using organizational ID credentials. You cannot use multi-factor authentication or Microsoft account credentials to run Azure Resource Manager cmdlets with this account.

Example 3: Connect to an Azure service principal account

PS C:\> $Credential = Get-Credential

PS C:\> Connect-AzureRmAccount -Credential $Credential -Tenant "xxxx-xxxx-xxxx-xxxx" -ServicePrincipal
Account                SubscriptionName TenantId                Environment
-------                ---------------- --------                -----------
xxxx-xxxx-xxxx-xxxx    Subscription1    xxxx-xxxx-xxxx-xxxx     AzureCloud

The first command gets the service principal credentials (application id and service principal secret), and then stores them in the $Credential variable. The second command connect to Azure using the service principal credentials stored in $Credential for the specified Tenant. The ServicePrincipal switch parameter indicates that the account authenticates as a service principal.

Example 4: Use an interactive login to connect to an account for a specific tenant and subscription

PS C:\> Connect-AzureRmAccount -Tenant "xxxx-xxxx-xxxx-xxxx" -SubscriptionId "yyyy-yyyy-yyyy-yyyy"
Account                SubscriptionName TenantId                Environment
-------                ---------------- --------                -----------
azureuser@contoso.com  Subscription1    xxxx-xxxx-xxxx-xxxx     AzureCloud

This command connects to an Azure account and configured AzureRM PowerShell to run cmdlets for the specified tenant and subscription by default.

Example 5: Add an Account Using Managed Service Identity Login

PS C:\> Connect-AzureRmAccount -MSI

Account                SubscriptionName TenantId                Environment
-------                ---------------- --------                -----------
MSI@50342              Subscription1    xxxx-xxxx-xxxx-xxxx     AzureCloud

This command connects using the managed service identity of the host environment (for example, if executed on a VirtualMachine with an assigned Managed Service Identity, this will allow the code to login using that assigned identity)

Example 6: Add an account using certificates

# For more information on creating a self-signed certificate
# and giving it proper permissions, please see the following:
# https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-authenticate-service-principal-powershell
PS C:\> $Thumbprint = "0SZTNJ34TCCMUJ5MJZGR8XQD3S0RVHJBA33Z8ZXV"
PS C:\> $TenantId = "00001111-aaaa-2222-bbbb-3333cccc4444"
PS C:\> $ApplicationId = "00001111-aaaa-2222-bbbb-3333cccc4444"
PS C:\> Connect-AzureRmAccount -CertificateThumbprint $Thumbprint -ApplicationId $ApplicationId -Tenant $TenantId -ServicePrincipal

Account             SubscriptionName TenantId            Environment
-------             ---------------- --------            -----------
xxxx-xxxx-xxxx-xxxx Subscription1    xxxx-xxxx-xxxx-xxxx AzureCloud

Account          : 00001111-aaaa-2222-bbbb-3333cccc4444
SubscriptionName : MyTestSubscription
SubscriptionId   : 85f0f653-1f86-4d2c-a9f1-042efc00085c
TenantId         : 00001111-aaaa-2222-bbbb-3333cccc4444
Environment      : AzureCloud

This command connects to an Azure account using certificate-based service principal authentication. Theservice principal used for authentication should have been created with the given certificate.

Parameters

-AccessToken

Specifies an access token.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-AccountId

Account Id for access token

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ApplicationId

SPN

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-CertificateThumbprint

Certificate Hash (Thumbprint)

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ContextName

Name of the default context from this login. You will be able to select this context by this name after login.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Credential

Specifies a PSCredential object. For more information about the PSCredential object, type Get-Help Get-Credential. The PSCredential object provides the user ID and password for organizational ID credentials, or the application ID and secret for service principal credentials.

Type:PSCredential
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Environment

Environment containing the account to log into

Type:String
Aliases:EnvironmentName
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Overwrite the existing context with the same name, if any.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-GraphAccessToken

AccessToken for Graph Service

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Identity

Login using managed service identity in the current environment.

Type:SwitchParameter
Aliases:MSI, ManagedService
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-KeyVaultAccessToken

AccessToken for KeyVault Service

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ManagedServiceHostName

Host name for managed service login

Type:String
Position:Named
Default value:localhost
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ManagedServicePort

Port number for managed service login

Type:Int32
Position:Named
Default value:50342
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ManagedServiceSecret

Secret, used for some kinds of managed service login.

Type:SecureString
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Scope

Determines the scope of context changes, for example, whether changes apply only to the current process, or to all sessions started by this user.

Type:ContextModificationScope
Accepted values:Process, CurrentUser
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ServicePrincipal

Indicates that this account authenticates by providing service principal credentials.

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-SkipContextPopulation

Skips context population if no contexts are found.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SkipValidation

Skip validation for access token

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Subscription

Subscription Name or ID

Type:String
Aliases:SubscriptionName, SubscriptionId
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-TenantId

Optional domain name or tenant ID. Domain name will not work in all sign-in situations. For Cloud Solution Provider (CSP) sign-in, tenant ID is required.

Type:String
Aliases:Domain
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Parameters: Subscription (ByValue)

Outputs

PSAzureProfile