Home » Technology Explained » Windows PowerShell Explained

Connect-AzAccount Cmdlet Explained With Examples

Photo of author

By Victor Ashiedu

Published

Do you want to connect to your AzAccount or Azure subscription but are not sure what cmdlet to use? You need the Connect-AzAccount cmdlet, and this guide teaches you all about this cmdlet.

Login-AzAccount and Add-AzAccount are aliases of Connect-AzAccount. So, I will use the three cmdlets interchangeably in this article.

Overview

The Connect-AzAccount cmdlet is part of the Az.Accounts PowerShell module. So, if you try to run this command without installing this module, you’ll receive an error message – see the screenshot below.

Meanwhile, this cmdlet connects you to an Azure tenant with an authenticated account. Once you connect to Azure with the Connect-AzAccount cmdlet, you can use the other cmdlets in the Az PowerShell module.

In the last paragraph, I mentioned that you need an authenticated account to use Add-AzAccount to connect to Azure. Based on this, it is recommended to use the Get-Credential command to save your authenticated credentials in a variable.

Then, use the -Credential parameter of the Connect-AzAccount cmdlet to connect to your Azure tenant.

With the basics out of the way, let’s move on to this article’s juicy parts!

How to Install the Az.Accounts PowerShell Module

In this article, I have mentioned more than once that you need to install Az.Accounts PowerShell module before you can use the Login-AzAccount cmdlet.

Follow the steps below to install the Az.Accounts PowerShell module.

  1. Seach PowerShell. Then, from the search results, click Run as Administrator. Your Windows PC will ask you to allow the app to make changes to your PC – click Yes.
  1. Then, when PowerShell opens, copy and paste the command below. Then, press the enter key on your keyboard to run the command. 
Install-Module -Name Az.Accounts -Force

When PowerShell finishes installing the module, when you run the Login-AzAccount command, PowerShell will prompt you for your credentials.

Connect-AzAccount Cmdlet Explained With Examples - How To Install The Az.Accounts PowerShell Module

However, before we start playing around with this cmdlet, let’s learn its syntaxes and parameters first. I will cover these in the next two sections.

Earlier, I mentioned that the Connect-AzAccount cmdlet has two other aliases – Login-AzAccount and Add-AzAccount. Now that you have installed the Az.Accounts module, you can run the command below to confirm that Login-AzAccount and Add-AzAccount are the aliases of Connect-AzAccount.
Get-Alias | ? {$_.Name -like "*AzAccount*"} | Select-Object name, ReferencedCommand

Here is the screenshot of the result of the command. I have highlighted the part of the result that shows that Login-AzAccount and Add-AzAccount are the aliases of Connect-AzAccount.

Syntaxes of the Connect-AzAccount Cmdlet

The Connect-AzAccount cmdlet has seven syntaxes. Here they are…

I understand that looking at the seven syntaxes presents a problem. Specifically, it is difficult to understand the differences between the syntaxes. So, after the syntaxes, I have provided a brief explanation of what differentiates the syntaxes. 
Connect-AzAccount
       [-Environment <String>]
       [-Tenant <String>]
       [-AccountId <String>]
       [-Subscription <String>]
       [-AuthScope <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-UseDeviceAuthentication]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzAccount
       [-Environment <String>]
       -Credential <PSCredential>
       [-ServicePrincipal]
       -Tenant <String>
       [-Subscription <String>]
       [-AuthScope <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzAccount
       [-Environment <String>]
       -ApplicationId <String>
       [-SendCertificateChain]
       -CertificateThumbprint <String>
       [-ServicePrincipal]
       -Tenant <String>
       [-Subscription <String>]
       [-AuthScope <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzAccount
       [-Environment <String>]
       -ApplicationId <String>
       [-SendCertificateChain]
       -CertificatePath <String>
       [-CertificatePassword <SecureString>]
       [-ServicePrincipal]
       -Tenant <String>
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzAccount
       [-Environment <String>]
       -ApplicationId <String>       
       -FederatedToken <String>
       [-ServicePrincipal]
       -Tenant <String>
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzAccount
       [-Environment <String>]
       [-Tenant <String>]
       -AccessToken <String>
       -AccountId <String>
       [-KeyVaultAccessToken <String>]
       [-GraphAccessToken <String>]
       [-MicrosoftGraphAccessToken <String>]
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipValidation]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Connect-AzAccount
       [-Environment <String>]
       [-Tenant <String>]
       [-AccountId <String>]
       [-Identity]
       [-Subscription <String>]
       [-AuthScope <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

The first syntax of the Connect-AzAccount, Login-AzAccount, or Add-AzAccount cmdlet is the basic syntax with one unique parameter – UseDeviceAuthentication. What differentiates the first from the second syntax is the presence of Credential and ServicePrincipal parameters in the second syntax.

However, it is important to mention that the second syntax does not include the UseDeviceAuthentication parameter.

Moving on to the third syntax, this syntax is essentially different from the first and second syntaxes. Specifically, the third syntax does not include the Credential, but it includes the ServicePrincipal parameter.

However, it includes three new parameters not found in the first two syntaxes – ApplicationId, SendCertificateChain, and CertificateThumbprint.

Like the third parameter, the fourth syntax also includes the ApplicationId, SendCertificateChain, and ServicePrincipal parameters. In addition to these three parameters shared with the third syntax, this syntax has two more unique parameters – CertificatePath and CertificatePassword.

That brings us to the fifth syntax of the Connect-AzAccount cmdlet. This syntax shares the ApplicationId and ServicePrincipal parameters with the third and fought parameters. However, the fifth syntax has one parameter unique to it – FederatedToken.

As you may have noted, the third, fought, and fifth syntaxes of the Connect-AzAccount cmdlet share some common parameters. However, the sixth and seventh syntaxes are unique, with no parameter common to the rest syntaxes.

Specifically, the sixth has five unique parameters – AccessToken, AccountId, KeyVaultAccessToken, GraphAccessToken, and MicrosoftGraphAccessToken. Finally, the seventh syntax of the Connect-AzAccount cmdlet also has AccountId but includes a unique Identity parameter.

To make it easier to understand the differences in the syntaxes, I have summarised them in the table below:

Connect-AzAccount SyntaxUnique Parameters and Notes
First syntaxThe first syntax has the basic parameters of the Connect-AzAccount cmdlet with one unique parameter – UseDeviceAuthentication.
Second syntaxThis syntax has two unique parameters – Credential and ServicePrincipal.
Third syntaxThe third parameter shares the ServicePrincipal parameter with the second parameter. In addition to that, it has the following unique parameters – ApplicationIdSendCertificateChain, and CertificateThumbprint.
Fought syntaxSyntax number four shares ApplicationIdSendCertificateChain, and ServicePrincipal parameters with the third syntax. However, it has some of its unique parameters – CertificatePath and CertificatePassword.
Fifth syntaxThe fifth syntax of the Connect-AzAccount cmdlet shares the ApplicationId and ServicePrincipal parameters with the third and fought parameters. Additionally, the FederatedToken parameter is unique to this syntax.
Sixth syntaxThe sixth has five unique parameters – AccessToken, AccountId, KeyVaultAccessToken, GraphAccessToken, and MicrosoftGraphAccessToken.
Seventh syntaxIt also has the AccountId parameter but includes a unique Identity parameter.

Parameters of the Connect-AzAccount Cmdlet Explained

In the last section, I listed and explained the seven syntaxes of the Connect-AzAccount cmdlet. In the table below, I have explained the parameters that make up the syntaxes of the command.

I did not include the WhatIf and CommonParameters parameters as they are not unique to the Connect-AzAccount cmdlets. The WhatIf and CommonParameters parameters are available in all Cmdlets. Similarly, I also left out the Confirm parameter.
Connect-AzAccount Parameter NameParameter Meaning/Notes
EnvironmentThe Environment parameter specifies the environment of the Azure account.
TenantUse the Tenant parameter to specify the ID or name of the Azure Tenant you wish to connect to.
AccountIdWhen you specify the AccountId parameter, enter the Azure Account Id, User Id, or the User Name of the account you want to sign in with.
SubscriptionUse this parameter to specify the Azure Subscription
AuthScopeThis parameter specifies an optional OAuth scope for login. The AuthScope parameter of the Connect-AzAccount cmdlet accepts any of the following: AadGraph, AnalysisServices, Attestation, Batch, DataLake, KeyVault, OperationalInsights, Storage, Synapse.
ContextNameUse the ContextName parameter to specify the name of the default Azure context for the current login with Connect-AzAccount.
SkipContextPopulationThis is a SwitchParameter, which means that it does not require any input. When you specify the SkipContextPopulation parameter, Connect-AzAccount skips populating context if no contexts are found.
MaxContextPopulationUse the MaxContextPopulation parameter to specify the Max subscription number to populate contexts after login. The default number of contexts populated is 25. However, if you want Connect-AzAccount to populate all subscriptions to contexts, set to MaxContextPopulation to -1.
UseDeviceAuthenticationWhen you specify the UseDeviceAuthentication SwitchParameter, the Connect-AzAccount cmdlet uses device code authentication instead of browser control.
ForceThe Force parameter is a SwitchParameter, which means that it does not require input. When you specify the Force parameter, the cmdlet overwrites the existing context with the same name without prompting.
ScopeThe Scope parameter determines the scope of context changes the login session makes to the Azure tenant.
DefaultProfileUse the DefaultProfile parameter to define the account, tenant, credentials, and subscription used for communication with Azure.
CredentialConnecting to an Azure account requires you to use the right permissions. Use the Credential parameter to specify the username and password to access your Azure tenant account.
ServicePrincipalThis parameter works side-by-side with the Credential parameter. When you specify the ServicePrincipal switch parameter, Connect-AzAccount authenticates your accounts using the service principal credentials you provided.
ApplicationIdUse the ApplicationId parameter to specify the Application ID of the service principal.
CertificateThumbprintThis parameter of Connect-AzAccount cmdlet specifies a Certificate Hash or Thumbprint.
SendCertificateChainSpecifies if the x5c claim (public key of the certificate specified with the CertificateThumbprint parameter) should be sent to the STS to achieve easy certificate rollover in Azure AD.
CertificatePathUse the CertificatePath parameter to specify the path of the certificate file in pkcs#12 format.
CertificatePasswordIf the certificate you specified with the CertificatePath parameter is passworded, use the CertificatePassword parameter to specify the certificate password.
FederatedTokenUse the FederatedToken parameter to specify a token provided by another identity provider. Before you use this parameter, you must first configure the token issuer and subject in this token to be trusted by the ApplicationId.
AccessTokenSpecifies an access token.
KeyVaultAccessTokenUse the KeyVaultAccessToken parameter of the Connect-AzAccount cmdlet to specify the AccessToken for KeyVault Service.
GraphAccessTokenThe GraphAccessToken parameter specifies the AccessToken for Graph Service.
MicrosoftGraphAccessTokenUse the MicrosoftGraphAccessToken parameter of the Connect-AzAccount cmdlet to specify the Access token to Microsoft Graph.
IdentityThe Identity parameter allows you to log in using a Managed Service Identity.

Applications and Examples of the Connect-AzAccount Cmdlet

Now that you’ve some information about the Connect-AzAccount cmdlet, it is time to dive into some applications and examples.

In the following sub-sections of this section, I have discussed some examples and applications of this Azure cmdlet.

1. Fix the Connect-AzAccount Not Recognized Error

In the overview section of this article, I mentioned that if you run the Connect-AzAccount command without installing the Az.Accounts PowerShell module you will receive the “Connect-AzAccount Not recognized” error. Based on this, earlier in this article, I discussed How To Install The Az.Accounts PowerShell Module.

So, the reason you receive the “Connect-AzAccount Not recognized” error is that you’ve not installed the Az.Accounts PowerShell module. To fix this error and run the Connect-AzAccount command successfully, open powershell as administrator.

Then, run the command below:

Install-Module -Name Az.Accounts -Force
Your PC MUST be connected to the internet to run the command.

Once you’ve installed this module, you can run the Connect-AzAccount command without receiving the “Connect-AzAccount Not recognized” error.

2. Avoid Azure Browser Authentication When You Run Login-AzAccount

If you run the Connect-AzAccount command without specifying the Credential parameter, PowerShell will open a login authentication link on your default browser.

How To Avoid Azure Browser Authentication When You Run Connect-AzAccount

To avoid this happening, you must specify the Credential parameter in your command. To connect to your Azure tenant and avoid Azure opening a browser for authentication, use the following commands.

$AzureUser = "[email protected]"
$Password = ConvertTo-SecureString -String "<Password>" -AsPlainText -Force
$AzureTenant = "<tenant id>"
$Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $AzureUser,$Password
Connect-AzAccount -Credential $Credential -Tenant $AzureTenant
Replace “[email protected]” with your azure username, “<tenant id>” with your Azure tenenat ID. Also, replace “<Password>” with your account’s password. Run the commands one at a time, starting with the first command.

When I ran the last command in my script, I received the “You must use multi-factor authentication to access tenant xxx” error message. To fix this problem, you need to turn off “Enable security defaults” in your Azure portal.

See the next subsection for the steps to fix this error. Once you have turned off “Enable security defaults” in your Azure portal, re-run the commands below and you should be able to connect to Azure with Connect-AzAccount successfully.

$AzureUser = "[email protected]"
$Password = ConvertTo-SecureString -String "<Password>" -AsPlainText -Force
$AzureTenant = "<tenant id>"
$Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $AzureUser,$Password
Connect-AzAccount -Credential $Credential -Tenant $AzureTenant

Here are the results of the commands in my above script. As you can see, because I included the Credential parameter to the Connect-AzAccount command, PowerShell did not need to open a browser to request authentication.

3. Fix the Connect-AzAccount Command’s “You must use multi-factor authentication to access tenant” Error

To fix the “You must use multi-factor authentication to access tenant” Connect-AzAccount error, you must turn off “Enable security defaults” in your Azure portal. Follow the steps below to disable “Enable security defaults” in your Azure portal.

  1. Open the Azure portal URL – https://aad.portal.azure.com/
  2. Then, enter your Azure login email and click Next.
Follow the steps below to disable "Enable security defaults" in your Azure portal.
  1. When the next page loads, enter your Azure password and click Next. Since you have 2FA enabled, Microsoft will request 2FA authentication.

    Complete that process and proceed to step 4 below.
How To Avoid Azure Browser Authentication When You Run Connect-AzAccount
Follow the steps below to disable "Enable security defaults" in your Azure portal.
  1. Once you sign in to the Azure Portal successfully, on the left pane, click Azure Active Directory.
How To Avoid Azure Browser Authentication When You Run Connect-AzAccount
  1. Then, when Azure Active Directory opens, click the Properties tab.
Follow the steps below to disable "Enable security defaults" in your Azure portal.
  1. When the Properties tab opens, scroll down toward the bottom and click Manage security defaults.
  1. Finally, on the “Enable security defaults” pop-out, toggle the Enable security defaults button from Yes to No. Then, select a reason for turning this feature off and click Save – see the second screenshot below.

Once you’ve disabled “Enable security defaults” in your Azure portal, you can run the Connect-AzAccount command without any problems. Here is the script from the last sub-section’s example. 

$AzureUser = "[email protected]"
$Password = ConvertTo-SecureString -String "<Password>" -AsPlainText -Force
$AzureTenant = "<tenant id>"
$Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $AzureUser,$Password
Connect-AzAccount -Credential $Credential -Tenant $AzureTenant

And here are the results of the commands…

4. List All Azure Subscriptions After Connecting With Connect-AzAccount

In the last two examples I showed you how to connect to Azure using the Connect-AzAccount command. After you connect to Azure via PowerShell, you may want to list all available subscriptions in your Azure account.

To list all subscriptions in your Azure tenant, run the command below:

Before you run the command below, you must run the Connect-AzAccount command first. 
Get-AzSubscription

The command displays all the subscriptions. The subscription IDs are listed in the Id column of the result of the command.

5. Change Azure Subscription After Connecting With Connect-AzAccount

In the last example, I showed you how to list all Azure subscriptions with the Get-AzSubscription command. After listing all available subscriptions, use the Set-AzContext command to change to one of the listed subscriptions.

Here is a sample command….

Set-AzContext -Subscription "<subscription Id>"
Change “<subscription Id>” to the Id of the Azure subscription you want to change to.

Frequently Asked Questions

1. How do I connect to AzAccount?

To connect to AzAccount use the Connect-AzAccount Cmdlet.

2. How do I connect to EXO PowerShell?

Follow the steps below to connect to EXO (Exchange Online) PowerShell:

i) Install the Excahnge Online PowerShell module. To perform this task, open PowerShell as administrator.

Then, run the command below:

Install-Module -Name ExchangeOnlineManagement

ii) Then, load the Excahnge Online PowerShell module by running the command below:

Import-Module ExchangeOnlineManagement

iii) Finally, connect to Exchange Online PowerShell with the Connect-ExchangeOnline command. Here is a sample command…

Connect-ExchangeOnline -UserPrincipalName [email protected]

Note: change [email protected] to the email address you use to connect to Microsoft 365 account.

3. How do I run Azure PowerShell locally?

To run AzureAD PowerShell locally, follow the steps below:

i) Install the AzureAD PowerShell module by running the following command:

Install-Module -Name AzureAD

ii) Then import the AzureAD module to your computer by running the following command:

Import-Module AzureAD

iii) Finally, to confirm that the modules (and all its cmdlets) are available locally (on your computer), run the command below:

Get-Module AzureA

If you want to list all the available AzureAD cmdlets, modify the last command as shown below:

(Get-Module AzureAD).ExportedCommands

4. Are PowerShell and Azure PowerShell the same?

No, PowerShell is NOT the same as Azure PowerShell. While PowerShell is the the “base” command tool for automating Windows tasks, Azure PowerShell is a module that contains PowerShell cmdlets you can use to connect to and manage Azure Active Directory.

5. How do I log into Azure without a browser?

One way to log in to Azure without a browser is to log in with Windows PowerShell. The command you use to connect to Azure depends on what you want to do.

To manage your Azure tenant, use the Connect-AzAccount cmdlet. However, if you want to manage Azure AD (Active Directory), use the Connect-AzureAD cmdlet.

Conclusion

The Connect-AzAccount cmdlet is an important cmdlet that all Azure SysAdmins must learn how to use. Based on this, I decided to write this article that explains this all-important Azure PowerShell command.

I started the article with an overview of the Connect-AzAccount cmdlet. Then, I explained how to install the Az.Accounts PowerShell Module – required to have the Connect-AzAccount cmdlet on your PC.

After that, I discussed the syntaxes and parameters of this cmdlet before I ended the article with a few examples and applications.

I hope I made it easy for you to understand this Azure cmdlet. If I made your day, click on “Yes” beside the “Was this page helpful” question below.

You may also express your thoughts and opinions by using the “Leave a Comment” form at the bottom of this page.

Alternatively, you can keep improving your PowerShell skills by reading more Windows PowerShell Explained guides.

About the Author

Photo of author

Victor Ashiedu

Victor is the founder of InfoPress Media, publishers of Ilifeguides and Itechguides. With 20+ years of experience in IT infrastructure, his expertise spans Windows, Linux, and DevOps. Explore his contributions on Itechguides.com for insightful how-to guides and product reviews.

Related Articles

PowerShell Verbs Explained Overview, How It Works, Types

PowerShell Verbs Explained: Overview, How it Works, Categories

Get-ADObject Command Explained

Get-ADObject Command Explained with Examples

PowerShell ErrorAction Parameter Explained With Examples

PowerShell ErrorAction Parameter Explained with Examples

Get in Touch

We're committed to writing accurate content that informs and educates. To learn more, read our Content Writing Policy, Content Review Policy, Anti-plagiarism Policy, and About Us.

However, if this content does not meet your expectations, kindly reach out to us through one of the following means:

  1. Respond to "Was this page helpful?" above
  2. Leave a comment with the "Leave a Comment" form below
  3. Email us at [email protected] or via the Contact Us page.

3 thoughts on “Connect-AzAccount Cmdlet Explained With Examples”

  1. Great post! The detailed examples you provided on using the Connect-AzAccount cmdlet really helped clarify the process for me. I appreciate how you broke down each step—it made it so much easier to follow along. Thanks for sharing!

    Reply

  2. Great post! The examples really clarified how to use the Connect-AzAccount cmdlet effectively. I especially appreciated the step-by-step breakdown. Looking forward to more such tutorials!

    Reply

  3. Great explanation of the Connect-AzAccount cmdlet! The examples were super helpful in clarifying the usage. I appreciate the step-by-step approach which made it easy to follow along. Looking forward to more posts like this!

    Reply

Leave a comment

Send this to a friend