< Back
Connect-AzureRmAccount
Post
NAME Connect-AzureRmAccount
SYNOPSIS
Connect to Azure with an authenticated account for use with Azure Resource Manager cmdlet requests.
SYNTAX
Connect-AzureRmAccount -AccessToken <String> -AccountId <String> [-ContextName <String>] [-DefaultProfile <IAzureContextContainer>] [-Environment
<String>] [-Force] [-GraphAccessToken <String>] [-KeyVaultAccessToken <String>] [-Scope {Process | CurrentUser}] [-SkipValidation] [-Subscription
<String>] [-TenantId <String>] [-Confirm] [-WhatIf] [<CommonParameters>]
Connect-AzureRmAccount [-AccountId <String>] [-ContextName <String>] [-DefaultProfile <IAzureContextContainer>] [-Environment <String>] [-Force]
-Identity [-ManagedServiceHostName <String>] [-ManagedServicePort <Int32>] [-Scope {Process | CurrentUser}] [-Subscription <String>] [-TenantId
<String>] [-Confirm] [-WhatIf] [<CommonParameters>]
Connect-AzureRmAccount -ApplicationId <String> -CertificateThumbprint <String> [-ContextName <String>] [-DefaultProfile <IAzureContextContainer>]
[-Environment <String>] [-Force] [-Scope {Process | CurrentUser}] -ServicePrincipal [-Subscription <String>] -TenantId <String> [-Confirm]
[-WhatIf] [<CommonParameters>]
Connect-AzureRmAccount [[-Credential] <PSCredential>] [-ContextName <String>] [-DefaultProfile <IAzureContextContainer>] [-Environment <String>]
[-Force] [-Scope {Process | CurrentUser}] [-Subscription <String>] [-TenantId <String>] [-Confirm] [-WhatIf] [<CommonParameters>]
Connect-AzureRmAccount [-Credential] <PSCredential> [-ContextName <String>] [-DefaultProfile <IAzureContextContainer>] [-Environment <String>]
[-Force] [-Scope {Process | CurrentUser}] -ServicePrincipal [-Subscription <String>] -TenantId <String> [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Connect-AzureRmAccount cmdlet connects to Azure with an authenticated account for use with Azure Resource Manager cmdlet requests.
You can use this authenticated account only with Azure Resource Manager cmdlets.
To add an authenticated account for use with Service Management cmdlets, use the Add-AzureAccount or the Import-AzurePublishSettingsFile cmdlet.
After executing this cmdlet, you can disconnect from an Azure account using Disconnect-AzureRmAccount.
PARAMETERS
-AccessToken <String>
Specifies an access token.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-AccountId <String>
Account Id for access token
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-ApplicationId <String>
SPN
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-CertificateThumbprint <String>
Certificate Hash (Thumbprint)
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-ContextName <String>
Name of the default context from this login. You will be able to select this context by this name after login.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Credential <PSCredential>
Specifies a PSCredential object. For more information about the PSCredential object, type Get-Help Get-Credential.
The PSCredential object provides the user ID and password for organizational ID credentials, or the application ID and secret for service
principal credentials.
Required? false
Position? 0
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Environment <String>
Environment containing the account to log into
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Force [<SwitchParameter>]
Overwrite the existing context with the same name, if any.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-GraphAccessToken <String>
AccessToken for Graph Service
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Identity [<SwitchParameter>]
Login using managed service identity in the current environment.
Required? true
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-KeyVaultAccessToken <String>
AccessToken for KeyVault Service
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-ManagedServiceHostName <String>
Host name for managed service login
Required? false
Position? named
Default value localhost
Accept pipeline input? False
Accept wildcard characters? false
-ManagedServicePort <Int32>
Port number for managed service login
Required? false
Position? named
Default value 50342
Accept pipeline input? False
Accept wildcard characters? false
-Scope <ContextModificationScope>
Determines the scope of context changes, for example, whether changes apply only to the current process, or to all sessions started by this
user.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-ServicePrincipal [<SwitchParameter>]
Indicates that this account authenticates by providing service principal credentials.
Required? true
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-SkipValidation [<SwitchParameter>]
Skip validation for access token
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-Subscription <String>
Subscription Name or ID
Required? false
Position? named
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-TenantId <String>
Optional tenant name or ID
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
String
Parameter 'SubscriptionId' accepts value of type 'String' from the pipeline
String
Parameter 'SubscriptionName' accepts value of type 'String' from the pipeline
OUTPUTS
PSAzureProfile
Credentials, subscription, account, and tenant information for the logged in user.
NOTES
Example 1: Use an interactive login to connect to an Azure account
PS C:\\> Connect-AzureRmAccount
Account: azureuser@contoso.com
Environment: AzureCloud
Subscription: xxxx-xxxx-xxxx-xxxx
Tenant: xxxx-xxxx-xxxx-xxxx
This command connects to an Azure account.
To run Azure Resource Manager cmdlets with this account, you must provide Microsoft account or organizational ID credentials at the prompt.
If multi-factor authentication is enabled for your credentials, you must log in using the interactive option or use service principal
authentication.
Example 2: Connect to an Azure account using organizational ID credentials
PS C:\\> $Credential = Get-Credential
PS C:\\> Connect-AzureRmAccount -Credential $Credential
Account: azureuser@contoso.com
Environment: AzureChinaCloud
Subscription: xxxx-xxxx-xxxx-xxxx
Tenant: xxxx-xxxx-xxxx-xxxx
The first command gets the user credentials, and then stores them in the $Credential variable.
The second command connects to an Azure account using the credentials stored in $Credential.
This account authenticates with Azure Resource Manager using organizational ID credentials.
You cannot use multi-factor authentication or Microsoft account credentials to run Azure Resource Manager cmdlets with this account.
Example 3: Connect to an Azure service principal account
PS C:\\> $Credential = Get-Credential
PS C:\\> Connect-AzureRmAccount -Credential $Credential -Tenant "xxxx-xxxx-xxxx-xxxx" -ServicePrincipal
Account: xxxx-xxxx-xxxx-xxxx
Environment: AzureCloud
Subscription: yyyy-yyyy-yyyy-yyyy
Tenant: xxxx-xxxx-xxxx-xxxx
The first command gets the user credentials, and then stores them in the $Credential variable.
The second command connect to Azure using the service principal credentials stored in $Credential for the specified Tenant.
The ServicePrincipal switch parameter indicates that the account authenticates as a service principal.
Example 4: Use an interactive login to connect to an account for a specific tenant and subscription
PS C:\\> Connect-AzureRmAccount -Tenant "xxxx-xxxx-xxxx-xxxx" -SubscriptionId "yyyy-yyyy-yyyy-yyyy"
Account: pfuller@contoso.com
Environment: AzureCloud
Subscription: yyyy-yyyy-yyyy-yyyy
Tenant: xxxx-xxxx-xxxx-xxxx
This command connects to an Azure account and configured AzureRM PowerShell to run cmdlets for the specified tenant and subscription by default.
Example 5: Add an Account Using Managed Service Identity Login
PS C:\\>Add-AzureRmAccount -MSI
Account: MSI@50342
Environment: AzureCloud
Subscription: yyyy-yyyy-yyyy-yyyy
Tenant: xxxx-xxxx-xxxx-xxxx
This command logs in using the managed service identity of the host environment (for example, if executed on a VirtualMachine with an assigned
Managed Service Identity, this will allow the code to login using that assigned identity)
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... ermaccount
SYNOPSIS
Connect to Azure with an authenticated account for use with Azure Resource Manager cmdlet requests.
SYNTAX
Connect-AzureRmAccount -AccessToken <String> -AccountId <String> [-ContextName <String>] [-DefaultProfile <IAzureContextContainer>] [-Environment
<String>] [-Force] [-GraphAccessToken <String>] [-KeyVaultAccessToken <String>] [-Scope {Process | CurrentUser}] [-SkipValidation] [-Subscription
<String>] [-TenantId <String>] [-Confirm] [-WhatIf] [<CommonParameters>]
Connect-AzureRmAccount [-AccountId <String>] [-ContextName <String>] [-DefaultProfile <IAzureContextContainer>] [-Environment <String>] [-Force]
-Identity [-ManagedServiceHostName <String>] [-ManagedServicePort <Int32>] [-Scope {Process | CurrentUser}] [-Subscription <String>] [-TenantId
<String>] [-Confirm] [-WhatIf] [<CommonParameters>]
Connect-AzureRmAccount -ApplicationId <String> -CertificateThumbprint <String> [-ContextName <String>] [-DefaultProfile <IAzureContextContainer>]
[-Environment <String>] [-Force] [-Scope {Process | CurrentUser}] -ServicePrincipal [-Subscription <String>] -TenantId <String> [-Confirm]
[-WhatIf] [<CommonParameters>]
Connect-AzureRmAccount [[-Credential] <PSCredential>] [-ContextName <String>] [-DefaultProfile <IAzureContextContainer>] [-Environment <String>]
[-Force] [-Scope {Process | CurrentUser}] [-Subscription <String>] [-TenantId <String>] [-Confirm] [-WhatIf] [<CommonParameters>]
Connect-AzureRmAccount [-Credential] <PSCredential> [-ContextName <String>] [-DefaultProfile <IAzureContextContainer>] [-Environment <String>]
[-Force] [-Scope {Process | CurrentUser}] -ServicePrincipal [-Subscription <String>] -TenantId <String> [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Connect-AzureRmAccount cmdlet connects to Azure with an authenticated account for use with Azure Resource Manager cmdlet requests.
You can use this authenticated account only with Azure Resource Manager cmdlets.
To add an authenticated account for use with Service Management cmdlets, use the Add-AzureAccount or the Import-AzurePublishSettingsFile cmdlet.
After executing this cmdlet, you can disconnect from an Azure account using Disconnect-AzureRmAccount.
PARAMETERS
-AccessToken <String>
Specifies an access token.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-AccountId <String>
Account Id for access token
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-ApplicationId <String>
SPN
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-CertificateThumbprint <String>
Certificate Hash (Thumbprint)
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-ContextName <String>
Name of the default context from this login. You will be able to select this context by this name after login.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Credential <PSCredential>
Specifies a PSCredential object. For more information about the PSCredential object, type Get-Help Get-Credential.
The PSCredential object provides the user ID and password for organizational ID credentials, or the application ID and secret for service
principal credentials.
Required? false
Position? 0
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Environment <String>
Environment containing the account to log into
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Force [<SwitchParameter>]
Overwrite the existing context with the same name, if any.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-GraphAccessToken <String>
AccessToken for Graph Service
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Identity [<SwitchParameter>]
Login using managed service identity in the current environment.
Required? true
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-KeyVaultAccessToken <String>
AccessToken for KeyVault Service
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-ManagedServiceHostName <String>
Host name for managed service login
Required? false
Position? named
Default value localhost
Accept pipeline input? False
Accept wildcard characters? false
-ManagedServicePort <Int32>
Port number for managed service login
Required? false
Position? named
Default value 50342
Accept pipeline input? False
Accept wildcard characters? false
-Scope <ContextModificationScope>
Determines the scope of context changes, for example, whether changes apply only to the current process, or to all sessions started by this
user.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-ServicePrincipal [<SwitchParameter>]
Indicates that this account authenticates by providing service principal credentials.
Required? true
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-SkipValidation [<SwitchParameter>]
Skip validation for access token
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-Subscription <String>
Subscription Name or ID
Required? false
Position? named
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-TenantId <String>
Optional tenant name or ID
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
String
Parameter 'SubscriptionId' accepts value of type 'String' from the pipeline
String
Parameter 'SubscriptionName' accepts value of type 'String' from the pipeline
OUTPUTS
PSAzureProfile
Credentials, subscription, account, and tenant information for the logged in user.
NOTES
Example 1: Use an interactive login to connect to an Azure account
PS C:\\> Connect-AzureRmAccount
Account: azureuser@contoso.com
Environment: AzureCloud
Subscription: xxxx-xxxx-xxxx-xxxx
Tenant: xxxx-xxxx-xxxx-xxxx
This command connects to an Azure account.
To run Azure Resource Manager cmdlets with this account, you must provide Microsoft account or organizational ID credentials at the prompt.
If multi-factor authentication is enabled for your credentials, you must log in using the interactive option or use service principal
authentication.
Example 2: Connect to an Azure account using organizational ID credentials
PS C:\\> $Credential = Get-Credential
PS C:\\> Connect-AzureRmAccount -Credential $Credential
Account: azureuser@contoso.com
Environment: AzureChinaCloud
Subscription: xxxx-xxxx-xxxx-xxxx
Tenant: xxxx-xxxx-xxxx-xxxx
The first command gets the user credentials, and then stores them in the $Credential variable.
The second command connects to an Azure account using the credentials stored in $Credential.
This account authenticates with Azure Resource Manager using organizational ID credentials.
You cannot use multi-factor authentication or Microsoft account credentials to run Azure Resource Manager cmdlets with this account.
Example 3: Connect to an Azure service principal account
PS C:\\> $Credential = Get-Credential
PS C:\\> Connect-AzureRmAccount -Credential $Credential -Tenant "xxxx-xxxx-xxxx-xxxx" -ServicePrincipal
Account: xxxx-xxxx-xxxx-xxxx
Environment: AzureCloud
Subscription: yyyy-yyyy-yyyy-yyyy
Tenant: xxxx-xxxx-xxxx-xxxx
The first command gets the user credentials, and then stores them in the $Credential variable.
The second command connect to Azure using the service principal credentials stored in $Credential for the specified Tenant.
The ServicePrincipal switch parameter indicates that the account authenticates as a service principal.
Example 4: Use an interactive login to connect to an account for a specific tenant and subscription
PS C:\\> Connect-AzureRmAccount -Tenant "xxxx-xxxx-xxxx-xxxx" -SubscriptionId "yyyy-yyyy-yyyy-yyyy"
Account: pfuller@contoso.com
Environment: AzureCloud
Subscription: yyyy-yyyy-yyyy-yyyy
Tenant: xxxx-xxxx-xxxx-xxxx
This command connects to an Azure account and configured AzureRM PowerShell to run cmdlets for the specified tenant and subscription by default.
Example 5: Add an Account Using Managed Service Identity Login
PS C:\\>Add-AzureRmAccount -MSI
Account: MSI@50342
Environment: AzureCloud
Subscription: yyyy-yyyy-yyyy-yyyy
Tenant: xxxx-xxxx-xxxx-xxxx
This command logs in using the managed service identity of the host environment (for example, if executed on a VirtualMachine with an assigned
Managed Service Identity, this will allow the code to login using that assigned identity)
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... ermaccount