Connect-AzureRmAccount

Connect to Azure with an authenticated account for use with Azure Resource Manager cmdlet requests.

Syntax

Connect-AzureRmAccount
       [-Environment <String>]
       [[-Credential] <PSCredential>]
       [-TenantId <String>]
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzureRmAccount
       [-Environment <String>]
       [-Credential] <PSCredential>
       [-ServicePrincipal]
       -TenantId <String>
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzureRmAccount
       [-Environment <String>]
       -CertificateThumbprint <String>
       -ApplicationId <String>
       [-ServicePrincipal]
       -TenantId <String>
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzureRmAccount
       [-Environment <String>]
       [-TenantId <String>]
       -AccessToken <String>
       [-GraphAccessToken <String>]
       [-KeyVaultAccessToken <String>]
       -AccountId <String>
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipValidation]
       [-SkipContextPopulation]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzureRmAccount
       [-Environment <String>]
       [-TenantId <String>]
       [-AccountId <String>]
       [-Identity]
       [-ManagedServicePort <Int32>]
       [-ManagedServiceHostName <String>]
       [-ManagedServiceSecret <SecureString>]
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Description

The Connect-AzureRmAccount cmdlet connects to Azure with an authenticated account for use with Azure Resource Manager cmdlet requests. You can use this authenticated account only with Azure Resource Manager cmdlets. To add an authenticated account for use with Service Management cmdlets, use the Add-AzureAccount or the Import-AzurePublishSettingsFile cmdlet. If no context is found for the current user, this command will populate the user's context list with a context for each of their (first 25) subscriptions. The list of contexts created for the user can be found by running "Get-AzureRmContext -ListAvailable". To skip this context population, you can run this command with the "-SkipContextPopulation" switch parameter. After executing this cmdlet, you can disconnect from an Azure account using Disconnect-AzureRmAccount.

Examples

Example 1: Use an interactive login to connect to an Azure account

PS C:\> Connect-AzureRmAccount
Account: azureuser@contoso.com
Environment: AzureCloud
Subscription: xxxx-xxxx-xxxx-xxxx
Tenant: xxxx-xxxx-xxxx-xxxx

This command connects to an Azure account. To run Azure Resource Manager cmdlets with this account, you must provide Microsoft account or organizational ID credentials at the prompt. If multi-factor authentication is enabled for your credentials, you must log in using the interactive option or use service principal authentication.

Example 2: Connect to an Azure account using organizational ID credentials

PS C:\> $Credential = Get-Credential
PS C:\> Connect-AzureRmAccount -Credential $Credential
Account: azureuser@contoso.com
Environment: AzureChinaCloud
Subscription: xxxx-xxxx-xxxx-xxxx
Tenant: xxxx-xxxx-xxxx-xxxx

The first command gets the user credentials, and then stores them in the $Credential variable. The second command connects to an Azure account using the credentials stored in $Credential. This account authenticates with Azure Resource Manager using organizational ID credentials. You cannot use multi-factor authentication or Microsoft account credentials to run Azure Resource Manager cmdlets with this account.

Example 3: Connect to an Azure service principal account

PS C:\> $Credential = Get-Credential
PS C:\> Connect-AzureRmAccount -Credential $Credential -Tenant "xxxx-xxxx-xxxx-xxxx" -ServicePrincipal
Account: xxxx-xxxx-xxxx-xxxx
Environment: AzureCloud
Subscription: yyyy-yyyy-yyyy-yyyy
Tenant: xxxx-xxxx-xxxx-xxxx

The first command gets the user credentials, and then stores them in the $Credential variable. The second command connect to Azure using the service principal credentials stored in $Credential for the specified Tenant. The ServicePrincipal switch parameter indicates that the account authenticates as a service principal.

Example 4: Use an interactive login to connect to an account for a specific tenant and subscription

PS C:\> Connect-AzureRmAccount -Tenant "xxxx-xxxx-xxxx-xxxx" -SubscriptionId "yyyy-yyyy-yyyy-yyyy"
Account: pfuller@contoso.com
Environment: AzureCloud
Subscription: yyyy-yyyy-yyyy-yyyy
Tenant: xxxx-xxxx-xxxx-xxxx

This command connects to an Azure account and configured AzureRM PowerShell to run cmdlets for the specified tenant and subscription by default.

Example 5: Add an Account Using Managed Service Identity Login

PS C:\> Connect-AzureRmAccount -MSI
Account: MSI@50342
Environment: AzureCloud
Subscription: yyyy-yyyy-yyyy-yyyy
Tenant: xxxx-xxxx-xxxx-xxxx

This command connects using the managed service identity of the host environment (for example, if executed on a VirtualMachine with an assigned Managed Service Identity, this will allow the code to login using that assigned identity)

Required Parameters

-AccessToken

Specifies an access token.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AccountId

Account Id for access token

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ApplicationId

SPN

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CertificateThumbprint

Certificate Hash (Thumbprint)

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Identity

Login using managed service identity in the current environment.

Type:SwitchParameter
Aliases:MSI, ManagedService
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-ContextName

Name of the default context from this login. You will be able to select this context by this name after login.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Credential

Specifies a PSCredential object. For more information about the PSCredential object, type Get-Help Get-Credential. The PSCredential object provides the user ID and password for organizational ID credentials, or the application ID and secret for service principal credentials.

Type:PSCredential
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Environment

Environment containing the account to log into

Type:String
Aliases:EnvironmentName
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Force

Overwrite the existing context with the same name, if any.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-GraphAccessToken

AccessToken for Graph Service

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyVaultAccessToken

AccessToken for KeyVault Service

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ManagedServiceHostName

Host name for managed service login

Type:String
Position:Named
Default value:localhost
Accept pipeline input:False
Accept wildcard characters:False
-ManagedServicePort

Port number for managed service login

Type:Int32
Position:Named
Default value:50342
Accept pipeline input:False
Accept wildcard characters:False
-ManagedServiceSecret

Secret, used for some kinds of managed service login.

Type:SecureString
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Scope

Determines the scope of context changes, for example, whether changes apply only to the current process, or to all sessions started by this user.

Type:ContextModificationScope
Parameter Sets:Process, CurrentUser
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ServicePrincipal

Indicates that this account authenticates by providing service principal credentials.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SkipContextPopulation

Skips context population if no contexts are found.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SkipValidation

Skip validation for access token

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Subscription

Subscription Name or ID

Type:String
Aliases:SubscriptionName, SubscriptionId
Position:Named
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False
-TenantId

Optional tenant name or ID

Type:String
Aliases:Domain
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Parameters: Subscription (ByValue)

Outputs

Microsoft.Azure.Commands.Profile.Models.PSAzureProfile