Connect-AzAccount Cmdlet Explained With Examples

Do you want to connect to your AzAccount or Azure subscription but are not sure what cmdlet to use? You need the Connect-AzAccount cmdlet, and this guide teaches you all about this cmdlet.

Overview

The Connect-AzAccount cmdlet is part of the Az.Accounts PowerShell module. So, if you try to run this command without installing this module, you’ll receive an error message – see the screenshot below.

Meanwhile, this cmdlet connects you to an Azure tenant with an authenticated account. Once you connect to Azure with the Connect-AzAccount cmdlet, you can use the other cmdlets in the Az PowerShell module.

In the last paragraph, I mentioned that you need an authenticated account to use Add-AzAccount to connect to Azure. Based on this, it is recommended to use the Get-Credential command to save your authenticated credentials in a variable.

Then, use the -Credential parameter of the Connect-AzAccount cmdlet to connect to your Azure tenant.

With the basics out of the way, let’s move on to this article’s juicy parts!

How to Install the Az.Accounts PowerShell Module

In this article, I have mentioned more than once that you need to install Az.Accounts PowerShell module before you can use the Login-AzAccount cmdlet.

Follow the steps below to install the Az.Accounts PowerShell module.

1. Seach PowerShell. Then, from the search results, click Run as Administrator. Your Windows PC will ask you to allow the app to make changes to your PC – click Yes.

2. Then, when PowerShell opens, copy and paste the command below. Then, press the enter key on your keyboard to run the command.

Install-Module -Name Az.Accounts -Force

When PowerShell finishes installing the module, when you run the Login-AzAccount command, PowerShell will prompt you for your credentials.

However, before we start playing around with this cmdlet, let’s learn its syntaxes and parameters first. I will cover these in the next two sections.

Get-Alias | ? {$_.Name -like "*AzAccount*"} | Select-Object name, ReferencedCommand

Here is the screenshot of the result of the command. I have highlighted the part of the result that shows that Login-AzAccount and Add-AzAccount are the aliases of Connect-AzAccount.

Syntaxes of the Connect-AzAccount Cmdlet

The Connect-AzAccount cmdlet has seven syntaxes. Here they are…

Connect-AzAccount
       [-Environment <String>]
       [-Tenant <String>]
       [-AccountId <String>]
       [-Subscription <String>]
       [-AuthScope <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-UseDeviceAuthentication]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Connect-AzAccount
       [-Environment <String>]
       -Credential <PSCredential>
       [-ServicePrincipal]
       -Tenant <String>
       [-Subscription <String>]
       [-AuthScope <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Connect-AzAccount
       [-Environment <String>]
       -ApplicationId <String>
       [-SendCertificateChain]
       -CertificateThumbprint <String>
       [-ServicePrincipal]
       -Tenant <String>
       [-Subscription <String>]
       [-AuthScope <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Connect-AzAccount
       [-Environment <String>]
       -ApplicationId <String>
       [-SendCertificateChain]
       -CertificatePath <String>
       [-CertificatePassword <SecureString>]
       [-ServicePrincipal]
       -Tenant <String>
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Connect-AzAccount
       [-Environment <String>]
       -ApplicationId <String>       
       -FederatedToken <String>
       [-ServicePrincipal]
       -Tenant <String>
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Connect-AzAccount
       [-Environment <String>]
       [-Tenant <String>]
       -AccessToken <String>
       -AccountId <String>
       [-KeyVaultAccessToken <String>]
       [-GraphAccessToken <String>]
       [-MicrosoftGraphAccessToken <String>]
       [-Subscription <String>]
       [-ContextName <String>]
       [-SkipValidation]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Connect-AzAccount
       [-Environment <String>]
       [-Tenant <String>]
       [-AccountId <String>]
       [-Identity]
       [-Subscription <String>]
       [-AuthScope <String>]
       [-ContextName <String>]
       [-SkipContextPopulation]
       [-MaxContextPopulation <Int32>]
       [-Force]
       [-Scope <ContextModificationScope>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

The first syntax of the Connect-AzAccount, Login-AzAccount, or Add-AzAccount cmdlet is the basic syntax with one unique parameter – UseDeviceAuthentication. What differentiates the first from the second syntax is the presence of Credential and ServicePrincipal parameters in the second syntax.

However, it is important to mention that the second syntax does not include the UseDeviceAuthentication parameter.

Moving on to the third syntax, this syntax is essentially different from the first and second syntaxes. Specifically, the third syntax does not include the Credential, but it includes the ServicePrincipal parameter.

However, it includes three new parameters not found in the first two syntaxes – ApplicationId, SendCertificateChain, and CertificateThumbprint.

Like the third parameter, the fourth syntax also includes the ApplicationId, SendCertificateChain, and ServicePrincipal parameters. In addition to these three parameters shared with the third syntax, this syntax has two more unique parameters – CertificatePath and CertificatePassword.

That brings us to the fifth syntax of the Connect-AzAccount cmdlet. This syntax shares the ApplicationId and ServicePrincipal parameters with the third and fought parameters. However, the fifth syntax has one parameter unique to it – FederatedToken.

As you may have noted, the third, fought, and fifth syntaxes of the Connect-AzAccount cmdlet share some common parameters. However, the sixth and seventh syntaxes are unique, with no parameter common to the rest syntaxes.

Specifically, the sixth has five unique parameters – AccessToken, AccountId, KeyVaultAccessToken, GraphAccessToken, and MicrosoftGraphAccessToken. Finally, the seventh syntax of the Connect-AzAccount cmdlet also has AccountId but includes a unique Identity parameter.

To make it easier to understand the differences in the syntaxes, I have summarised them in the table below:

Parameters of the Connect-AzAccount Cmdlet Explained

In the last section, I listed and explained the seven syntaxes of the Connect-AzAccount cmdlet. In the table below, I have explained the parameters that make up the syntaxes of the command.

Applications and Examples of the Connect-AzAccount Cmdlet

Now that you’ve some information about the Connect-AzAccount cmdlet, it is time to dive into some applications and examples.

In the following sub-sections of this section, I have discussed some examples and applications of this Azure cmdlet.

1. Fix the Connect-AzAccount Not Recognized Error

In the overview section of this article, I mentioned that if you run the Connect-AzAccount command without installing the Az.Accounts PowerShell module you will receive the “Connect-AzAccount Not recognized” error. Based on this, earlier in this article, I discussed How To Install The Az.Accounts PowerShell Module.

So, the reason you receive the “Connect-AzAccount Not recognized” error is that you’ve not installed the Az.Accounts PowerShell module. To fix this error and run the Connect-AzAccount command successfully, open powershell as administrator.

Then, run the command below:

Install-Module -Name Az.Accounts -Force

Once you’ve installed this module, you can run the Connect-AzAccount command without receiving the “Connect-AzAccount Not recognized” error.

2. Avoid Azure Browser Authentication When You Run Login-AzAccount

If you run the Connect-AzAccount command without specifying the Credential parameter, PowerShell will open a login authentication link on your default browser.

To avoid this happening, you must specify the Credential parameter in your command. To connect to your Azure tenant and avoid Azure opening a browser for authentication, use the following commands.

$AzureUser = "[email protected]"
$Password = ConvertTo-SecureString -String "<Password>" -AsPlainText -Force
$AzureTenant = "<tenant id>"
$Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $AzureUser,$Password
Connect-AzAccount -Credential $Credential -Tenant $AzureTenant

When I ran the last command in my script, I received the “You must use multi-factor authentication to access tenant xxx” error message. To fix this problem, you need to turn off “Enable security defaults” in your Azure portal.

See the next subsection for the steps to fix this error. Once you have turned off “Enable security defaults” in your Azure portal, re-run the commands below and you should be able to connect to Azure with Connect-AzAccount successfully.

$AzureUser = "[email protected]"
$Password = ConvertTo-SecureString -String "<Password>" -AsPlainText -Force
$AzureTenant = "<tenant id>"
$Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $AzureUser,$Password
Connect-AzAccount -Credential $Credential -Tenant $AzureTenant

Here are the results of the commands in my above script. As you can see, because I included the Credential parameter to the Connect-AzAccount command, PowerShell did not need to open a browser to request authentication.

3. Fix the Connect-AzAccount Command’s “You must use multi-factor authentication to access tenant” Error

To fix the “You must use multi-factor authentication to access tenant” Connect-AzAccount error, you must turn off “Enable security defaults” in your Azure portal. Follow the steps below to disable “Enable security defaults” in your Azure portal.

1. Open the Azure portal URL – https://aad.portal.azure.com/
2. Then, enter your Azure login email and click Next.

3. When the next page loads, enter your Azure password and click Next. Since you have 2FA enabled, Microsoft will request 2FA authentication.
   
   Complete that process and proceed to step 4 below.

4. Once you sign in to the Azure Portal successfully, on the left pane, click Azure Active Directory.

5. Then, when Azure Active Directory opens, click the Properties tab.

6. When the Properties tab opens, scroll down toward the bottom and click Manage security defaults.

7. Finally, on the “Enable security defaults” pop-out, toggle the Enable security defaults button from Yes to No. Then, select a reason for turning this feature off and click Save – see the second screenshot below.

Once you’ve disabled “Enable security defaults” in your Azure portal, you can run the Connect-AzAccount command without any problems. Here is the script from the last sub-section’s example.

$AzureUser = "[email protected]"
$Password = ConvertTo-SecureString -String "<Password>" -AsPlainText -Force
$AzureTenant = "<tenant id>"
$Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $AzureUser,$Password
Connect-AzAccount -Credential $Credential -Tenant $AzureTenant

And here are the results of the commands…

4. List All Azure Subscriptions After Connecting With Connect-AzAccount

In the last two examples I showed you how to connect to Azure using the Connect-AzAccount command. After you connect to Azure via PowerShell, you may want to list all available subscriptions in your Azure account.

To list all subscriptions in your Azure tenant, run the command below:

Get-AzSubscription

The command displays all the subscriptions. The subscription IDs are listed in the Id column of the result of the command.

5. Change Azure Subscription After Connecting With Connect-AzAccount

In the last example, I showed you how to list all Azure subscriptions with the Get-AzSubscription command. After listing all available subscriptions, use the Set-AzContext command to change to one of the listed subscriptions.

Here is a sample command….

Set-AzContext -Subscription "<subscription Id>"

Frequently Asked Questions

Conclusion

The Connect-AzAccount cmdlet is an important cmdlet that all Azure SysAdmins must learn how to use. Based on this, I decided to write this article that explains this all-important Azure PowerShell command.

I started the article with an overview of the Connect-AzAccount cmdlet. Then, I explained how to install the Az.Accounts PowerShell Module – required to have the Connect-AzAccount cmdlet on your PC.

After that, I discussed the syntaxes and parameters of this cmdlet before I ended the article with a few examples and applications.

I hope I made it easy for you to understand this Azure cmdlet. If I made your day, click on “Yes” beside the “Was this page helpful” question below.

You may also express your thoughts and opinions by using the “Leave a Comment” form at the bottom of this page.

Alternatively, you can keep improving your PowerShell skills by reading more Windows PowerShell Explained guides.