Connect to Azure with PowerShell - Azure Documentation

Connect to Azure with Azure PowerShell

This article guides you through the process of connecting to your Azure subscription using Azure PowerShell. Establishing a connection is the first step to managing your Azure resources programmatically.

Prerequisites

Azure PowerShell installed. If not, follow the installation guide.
An Azure account with an active subscription.

Connecting to Azure

The primary cmdlet for connecting to Azure is Connect-AzAccount. When you run this cmdlet, it will prompt you to authenticate with your Azure credentials.

Connect-AzAccount

Upon execution, a browser window or a device code authentication flow will be initiated, depending on your environment and Azure configuration.

Using Azure AD for Authentication

By default, Connect-AzAccount uses your default Azure Active Directory (Azure AD) tenant. If you have multiple tenants, you can specify the tenant to connect to using the -TenantId parameter.

Connect-AzAccount -TenantId "YOUR_TENANT_ID"

Connecting with Specific Credentials

For automated scripts or scenarios where interactive login is not feasible, you can use service principals or managed identities. For service principals, you'll typically use the -ServicePrincipal switch along with -Tenant and -ApplicationId. However, using a certificate or secret is more common and secure.

Example using a Service Principal with a Secret:

Connect-AzAccount -ServicePrincipal -Tenant "YOUR_TENANT_ID" -ApplicationId "YOUR_APP_ID" -Credential (Get-Credential)

This example will prompt you for the service principal's secret.

Security Note: Avoid hardcoding secrets directly in scripts. Use secure methods like Azure Key Vault or environment variables.

Listing Available Subscriptions

After a successful connection, you can list all subscriptions associated with your account using the Get-AzSubscription cmdlet.

Get-AzSubscription

If you have multiple subscriptions and need to set a specific one as the active context, you can use Set-AzContext.

Set-AzContext -SubscriptionId "YOUR_SUBSCRIPTION_ID"

Parameters for Connect-AzAccount

Parameter	Description	Required
`EnvironmentName`	Specifies the Azure cloud environment to connect to (e.g., AzureChinaCloud, AzureUSGovernment). Defaults to AzurePublicCloud.	No
`TenantId`	The Azure AD tenant ID to connect to.	No
`Subscription`	The name or ID of the subscription to connect to.	No
`Credential`	A PSCredential object for interactive or stored credential login.	No
`ServicePrincipal`	Connects using a service principal.	No
`ApplicationId`	The application ID of the service principal. Required when `-ServicePrincipal` is used.	No

Disconnecting from Azure

When you are finished managing resources, it's good practice to disconnect your session.

Disconnect-AzAccount

This command removes the authentication token and ends the current Azure PowerShell session.

Next Steps

Once connected, you can start managing your Azure resources. Explore common cmdlets for managing virtual machines, storage accounts, and more. Refer to the Azure PowerShell Modules Overview for a list of available modules and their cmdlets.