Sign into Azure with the AzureRM PowerShell module
Warning
The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.
Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.
Azure PowerShell supports several authentication methods. The simplest way to get started is to sign in interactively at the command line.
Sign in interactively
To sign in interactively, use the Connect-AzureRmAccount cmdlet.
Connect-AzureRmAccount
When run, this cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. This authentication lasts for the current PowerShell session.
Important
As of Azure PowerShell 6.3.0, your credentials are shared among multiple PowerShell sessions as long as you remain signed in to Windows. For more information, see the article on Persistent Credentials.
Sign in with a service principal
Service principals are non-interactive Azure accounts. Like other user accounts, their permissions are managed with Microsoft Entra ID. By granting a service principal only the permissions it needs, your automation scripts stay secure.
To learn how to create a service principal for use with Azure PowerShell, see Create an Azure service principal with Azure PowerShell.
To sign in with a service principal, use the ServicePrincipal
argument with the
Connect-AzureRmAccount
cmdlet. You'll also need the service principal's sign-in credentials and
the tenant ID associated with the service principal. To get the service principal's credentials as
the appropriate object, use the
Get-Credential cmdlet. This
cmdlet will display a dialog box to enter the service principal user ID and password into.
$pscredential = Get-Credential
Connect-AzureRmAccount -ServicePrincipal -Credential $pscredential -TenantId $tenantid
Sign in using an Azure Managed Service Identity
Managed identities for Azure resources is a feature of Microsoft Entra ID. You can use a managed identity service principal for sign-in, and acquire an app-only access token to access other resources. Managed identities are only available on virtual machines running in an Azure cloud.
For more information about managed identities for Azure resources, see How to use managed identities for Azure resources on an Azure VM to acquire an access token.
Sign in as a Cloud Solution Provider (CSP)
A Cloud Solution Provider (CSP) sign-in requires
the use of TenantId
. Normally, this parameter can be provided as either a tenant ID or a domain
name. However, for CSP sign-in, it must be provided a tenant ID.
Connect-AzureRmAccount -TenantId '00000000-0000-0000-0000-000000000000'
Sign in to another Cloud
Azure cloud services offer environments compliant with regional data-handling regulations. For
accounts in a regional cloud, set the environment when you sign in with the -Environment
argument.
For example, if your account is in the China cloud:
Connect-AzureRmAccount -Environment AzureChinaCloud
The following command gets a list of available environments:
Get-AzureRmEnvironment | Select-Object -Property Name
Learn more about managing Azure role-based access
For more information about authentication and subscription management in Azure, see Manage Accounts, Subscriptions, and Administrative Roles.
Azure PowerShell cmdlets for role management: