Connect-AzureRmAccount
Connect to Azure with an authenticated account for use with Azure Resource Manager cmdlet requests.
Warning
The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.
Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.
Syntax
Connect-AzureRmAccount
[-Environment <String>]
[[-Credential] <PSCredential>]
[-TenantId <String>]
[-Subscription <String>]
[-ContextName <String>]
[-SkipContextPopulation]
[-Force]
[-Scope <ContextModificationScope>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Connect-AzureRmAccount
[-Environment <String>]
[-Credential] <PSCredential>
[-ServicePrincipal]
-TenantId <String>
[-Subscription <String>]
[-ContextName <String>]
[-SkipContextPopulation]
[-Force]
[-Scope <ContextModificationScope>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Connect-AzureRmAccount
[-Environment <String>]
-CertificateThumbprint <String>
-ApplicationId <String>
[-ServicePrincipal]
-TenantId <String>
[-Subscription <String>]
[-ContextName <String>]
[-SkipContextPopulation]
[-Force]
[-Scope <ContextModificationScope>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Connect-AzureRmAccount
[-Environment <String>]
[-TenantId <String>]
-AccessToken <String>
[-GraphAccessToken <String>]
[-KeyVaultAccessToken <String>]
-AccountId <String>
[-Subscription <String>]
[-ContextName <String>]
[-SkipValidation]
[-SkipContextPopulation]
[-Force]
[-Scope <ContextModificationScope>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Connect-AzureRmAccount
[-Environment <String>]
[-TenantId <String>]
[-AccountId <String>]
[-Identity]
[-ManagedServicePort <Int32>]
[-ManagedServiceHostName <String>]
[-ManagedServiceSecret <SecureString>]
[-Subscription <String>]
[-ContextName <String>]
[-SkipContextPopulation]
[-Force]
[-Scope <ContextModificationScope>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Connect-AzureRmAccount cmdlet connects to Azure with an authenticated account for use with Azure Resource Manager cmdlet requests. You can use this authenticated account only with Azure Resource Manager cmdlets. To add an authenticated account for use with Service Management cmdlets, use the Add-AzureAccount or the Import-AzurePublishSettingsFile cmdlet. If no context is found for the current user, this command will populate the user's context list with a context for each of their (first 25) subscriptions. The list of contexts created for the user can be found by running "Get-AzureRmContext -ListAvailable". To skip this context population, you can run this command with the "-SkipContextPopulation" switch parameter. After executing this cmdlet, you can disconnect from an Azure account using Disconnect-AzureRmAccount.
Examples
Example 1: Use an interactive login to connect to an Azure account
PS C:\> Connect-AzureRmAccount
Account SubscriptionName TenantId Environment
------- ---------------- -------- -----------
[email protected] Subscription1 xxxx-xxxx-xxxx-xxxx AzureCloud
This command connects to an Azure account. To run Azure Resource Manager cmdlets with this account, you must provide Microsoft account or organizational ID credentials at the prompt. If multi-factor authentication is enabled for your credentials, you must log in using the interactive option or use service principal authentication.
Example 2: Connect to an Azure account using organizational ID credentials
PS C:\> $Credential = Get-Credential
PS C:\> Connect-AzureRmAccount -Credential $Credential
Account SubscriptionName TenantId Environment
------- ---------------- -------- -----------
[email protected] Subscription1 xxxx-xxxx-xxxx-xxxx AzureCloud
The first command will prompt for user credentials (username and password), and then stores them in the $Credential variable. The second command connects to an Azure account using the credentials stored in $Credential. This account authenticates with Azure Resource Manager using organizational ID credentials. You cannot use multi-factor authentication or Microsoft account credentials to run Azure Resource Manager cmdlets with this account.
Example 3: Connect to an Azure service principal account
PS C:\> $Credential = Get-Credential
PS C:\> Connect-AzureRmAccount -Credential $Credential -Tenant "xxxx-xxxx-xxxx-xxxx" -ServicePrincipal
Account SubscriptionName TenantId Environment
------- ---------------- -------- -----------
xxxx-xxxx-xxxx-xxxx Subscription1 xxxx-xxxx-xxxx-xxxx AzureCloud
The first command gets the service principal credentials (application id and service principal secret), and then stores them in the $Credential variable. The second command connect to Azure using the service principal credentials stored in $Credential for the specified Tenant. The ServicePrincipal switch parameter indicates that the account authenticates as a service principal.
Example 4: Use an interactive login to connect to an account for a specific tenant and subscription
PS C:\> Connect-AzureRmAccount -Tenant "xxxx-xxxx-xxxx-xxxx" -SubscriptionId "yyyy-yyyy-yyyy-yyyy"
Account SubscriptionName TenantId Environment
------- ---------------- -------- -----------
[email protected] Subscription1 xxxx-xxxx-xxxx-xxxx AzureCloud
This command connects to an Azure account and configured AzureRM PowerShell to run cmdlets for the specified tenant and subscription by default.
Example 5: Add an Account Using Managed Service Identity Login
PS C:\> Connect-AzureRmAccount -MSI
Account SubscriptionName TenantId Environment
------- ---------------- -------- -----------
MSI@50342 Subscription1 xxxx-xxxx-xxxx-xxxx AzureCloud
This command connects using the managed service identity of the host environment (for example, if executed on a VirtualMachine with an assigned Managed Service Identity, this will allow the code to login using that assigned identity)
Example 6: Add an account using certificates
# For more information on creating a self-signed certificate
# and giving it proper permissions, please see the following:
# https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-authenticate-service-principal-powershell
PS C:\> $Thumbprint = "0SZTNJ34TCCMUJ5MJZGR8XQD3S0RVHJBA33Z8ZXV"
PS C:\> $TenantId = "00001111-aaaa-2222-bbbb-3333cccc4444"
PS C:\> $ApplicationId = "00001111-aaaa-2222-bbbb-3333cccc4444"
PS C:\> Connect-AzureRmAccount -CertificateThumbprint $Thumbprint -ApplicationId $ApplicationId -Tenant $TenantId -ServicePrincipal
Account SubscriptionName TenantId Environment
------- ---------------- -------- -----------
xxxx-xxxx-xxxx-xxxx Subscription1 xxxx-xxxx-xxxx-xxxx AzureCloud
Account : 00001111-aaaa-2222-bbbb-3333cccc4444
SubscriptionName : MyTestSubscription
SubscriptionId : 85f0f653-1f86-4d2c-a9f1-042efc00085c
TenantId : 00001111-aaaa-2222-bbbb-3333cccc4444
Environment : AzureCloud
This command connects to an Azure account using certificate-based service principal authentication. Theservice principal used for authentication should have been created with the given certificate.
Parameters
-AccessToken
Specifies an access token.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AccountId
Account Id for access token
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ApplicationId
SPN
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CertificateThumbprint
Certificate Hash (Thumbprint)
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ContextName
Name of the default context from this login. You will be able to select this context by this name after login.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Credential
Specifies a PSCredential object. For more information about the PSCredential object, type Get-Help Get-Credential. The PSCredential object provides the user ID and password for organizational ID credentials, or the application ID and secret for service principal credentials.
Type: | PSCredential |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
Type: | IAzureContextContainer |
Aliases: | AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Environment
Environment containing the account to log into
Type: | String |
Aliases: | EnvironmentName |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Force
Overwrite the existing context with the same name, if any.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-GraphAccessToken
AccessToken for Graph Service
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Identity
Login using managed service identity in the current environment.
Type: | SwitchParameter |
Aliases: | MSI, ManagedService |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-KeyVaultAccessToken
AccessToken for KeyVault Service
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ManagedServiceHostName
Host name for managed service login
Type: | String |
Position: | Named |
Default value: | localhost |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ManagedServicePort
Port number for managed service login
Type: | Int32 |
Position: | Named |
Default value: | 50342 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ManagedServiceSecret
Secret, used for some kinds of managed service login.
Type: | SecureString |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Scope
Determines the scope of context changes, for example, whether changes apply only to the current process, or to all sessions started by this user.
Type: | ContextModificationScope |
Accepted values: | Process, CurrentUser |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ServicePrincipal
Indicates that this account authenticates by providing service principal credentials.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SkipContextPopulation
Skips context population if no contexts are found.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SkipValidation
Skip validation for access token
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Subscription
Subscription Name or ID
Type: | String |
Aliases: | SubscriptionName, SubscriptionId |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-TenantId
Optional domain name or tenant ID. Domain name will not work in all sign-in situations. For Cloud Solution Provider (CSP) sign-in, tenant ID is required.
Type: | String |
Aliases: | Domain |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Parameters: Subscription (ByValue)