Sign in with Azure PowerShell

Azure PowerShell supports multiple authentication methods. The simplest way to get started is to sign in interactively at the command line.

Sign in interactively

To sign in interactively, use the Connect-AzureRmAccount cmdlet.


When run, this cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. When you authenticate, that information is saved for the current PowerShell session, the dialog is closed, and you have access to all of the Azure PowerShell cmdlets.


As of Azure PowerShell 6.3.0, your credentials are shared among multiple PowerShell sessions as long as you remain signed in to Windows. For more information, see the article on Persistent Credentials.

Sign in with a service principal

Service principals provide a way for you to create non-interactive accounts that you can use to manipulate resources. Service principals are like user accounts to which you can apply rules using Azure Active Directory. By granting the minimum permissions needed to a service principal, you can ensure your automation scripts are even more secure.

If you need to create a service principal for use with Azure PowerShell, see Create an Azure service principal with Azure PowerShell.

To sign in with a service principal, use the -ServicePrincipal argument with the Connect-AzureRmAccount cmdlet. You will also need the service princpal's application ID, sign-in credentials, and the tenant ID associate with the service principal. In order to get the service principal's credentials as the appropriate object, use the Get-Credential cmdlet. This cmdlet will display a dialog box to enter the service principal user ID and password into.

$pscredential = Get-Credential
Connect-AzureRmAccount -ServicePrincipal -ApplicationId  "http://my-app" -Credential $pscredential -TenantId $tenantid

Sign in using an Azure VM Managed Service Identity

Managed Service Identity (MSI) is a preview feature of Azure Active Directory. You can use an MSI service principal for sign-in, and acquire an app-only access token to access other resources. MSI is only available on virtual machines running in an Azure cloud.

For more information about MSI, see How to use an Azure VM Managed Service Identity (MSI) for sign-in and token acquisition.

Sign in to another Cloud

Azure cloud services provide different environments that adhere to the data-handling regulations of various regions. If your Azure account is in a cloud associated with one of these regions, you need to specify the environment when you sign in. For example, if you account is in the China cloud you sign on using the following command:

Connect-AzureRmAccount -Environment AzureChinaCloud

Use the following command to get a list of available environments:

Get-AzureRmEnvironment | Select-Object Name

Learn more about managing Azure role-based access

For more information about authentication and subscription management in Azure, see Manage Accounts, Subscriptions, and Administrative Roles.

Azure PowerShell cmdlets for role management: