- Zip and unzip with PowerShell - Fri, Jun 3 2016
- Auto login to Azure with PowerShell - Fri, Apr 29 2016
PowerShell is the best way to manage Azure, because scripting allows you to automate many tasks. For instance, you can push virtual machines to the cloud and turn them on, turn them off, or even schedule them to be turned off (and back on during business hours) to save money.
With the Azure cmdlets for PowerShell, you can do all those things within the Azure Service Manager platform. However, Azure is moving toward the Azure Resource Management (ARM) platform, and a new set of tools and methods is available for working with the fabric. Not all the tools and resources are over there yet, but more are coming all the time. For more info, comparing the old and new tools, please visit this page. In this post, we focus on the new ARM platform, and I assume that you have the AzureRM cmdlets installed.
Log in to Azure with Login-AzureRmAccount
To use any of the cmdlets in the AzureRM module, you need to log in. This requires that you have an Azure subscription. Of course, the main reason you need to sign in isn’t because Microsoft just wants to know who uses its cloud, but you are also supposed to pay for the resources you use.
To see whether you are logged in or not, you can run the Get-AzureRmResourceGroup cmdlet, which allows you see the number of resource groups with their names in your subscription. If you didn’t sign in, you will receive the error message Run Login-AzureRmAccount to login.
Error message indicates that you are not logged in.
When I run Login-AzureRmAccount, I see a dialog like the one below, asking for credentials:
Signing in to Azure
This will log me in to the specified Azure account and display information about my subscription as shown below:
Successful sign in to Azure
Now that I’m logged in, I can use Get-AzureRmresourceGroup to view my Azure resources with PowerShell:
Get-AzureRmresourceGroup | Select ResourceGroupName
Select Resource Group name after profile-based login
Saving credentials with Save-AzureRmProfile
A downside of the method described above is that you always have to enter your credentials before you start working with Azure. A more convenient way is to store your credentials in a file:
Save-AzureRmProfile -Path “c:\folder\azureprofile.json”
This will create the file azureprofile.json, which contains all the login information for your Azure account.
Important Note: This file is a plain-text JSON file. If an unauthorized person gains access to this file, it would compromise your Azure account, and this person could use Azure resources on your costs. Thus, you should treat the file like cash.
Obviously, we have a clear case where you have to weigh security against convenience. However, the advantage of storing your credentials in a JSON file is not just that you can quickly sign in; it also allows you to authenticate easily from within your PowerShell scripts.
Logging in with Select-AzureRmProfile
Logging in with the profile is as easy as calling the Select-AzureRmProfile cmdlet, passing the JSON file you saved previously:
Select-AzureRmProfile -Path “c:\folder\azureprofile.json”
After you log in, Azure will display some information about your subscription:
Successful log in with Select-AzureRmProfile
One thing to note: You can work with only one profile at a time, because it is tied to the subscription. If you want to work with multiple subscriptions simultaneously, you will need to build and select another profile.
For each subscription you work with, follow these steps:
- Log in to the Azure subscription with Login-AzureRmAccount.
- Save a profile for that subscription as a JSON file with Save-AzureRmProfile -path “c:\folder\contoso-profile.json”.
- Import the profile for the subscription you are accessing with Select-AzureRmProfile -path “c:\folder\contoso-profile.json”.
Once you create and store the profiles, logging in is as easy as importing the JSON file for the subscription you need.
To keep customer data segregated from other customers (because subscriptions are separated by tenants), only one subscription may be active at a time in a single session; however, you can log in to multiple subscriptions by using multiple PowerShell sessions.
Subscribe to 4sysops newsletter!
That’s all there is to it. Now you can use all the PowerShell cmdlets in the AzureRM module to work with your subscription(s).
If you install the AzureExt module on the PowerShell Gallery, there’s a command called Start-AzureRM that handles this for you.
Cheers,
Trevor Sullivan
Microsoft MVP: PowerShell
Thanks for the tip Trevor. It’s amazing how fast these features morph into better versions of themselves with the help of the community.
-Derek
I was going mad with automation accounts and run books. We had this working in Classic Azure (ASM) using publish settings (Import-AzurePublishSettingsFile) but couldn’t find anything in ARM.
This means we can rework the old scripts which had considerable error checking and email alerts built-in and re-use for new ARM deployments.
Trevor, I’m following the steps above but for some reason, after what looks like a successful login (the environment, Account, TenentId etc are all listed) I then run another command such as Get-AzureRmResourceGroup immediately and I still get the “Run Login-AzureRmAccount to login” error. Any ideas what this might be?
Thank you! This has worked very well for me, but I have one issue I’m trying to resolve with the lifetime of the saved credentials. I’m trying to find a way to check the imported credentials (from the .json file) to see if they’re still valid, and then call Login-AzureRmAccount, and Save-AzureRmProfile to update the credentials when they expire. Have you found a way to handle this scenario?
Is there a simple way to get the Azure account name? i.e. the Email address used to authenticate for a logged-in user?
I’d like to add it to a variable – just the user name.
Thank you, this helped me tremendously.
It now seems to be Save-AzureRmContext and Import-AzureRmContext
I followed the instructions and validated the profile but receive the following error. “The Azure Powershell session has not been properly installed. Please import the module and try again.” Troubleshooting this online seems to direct me to seek a solution that will allow me to login to the RM account but that’s what I want to do with this.
Firstly, Thanks for the Article.
Will I get to regularly refresh the token even if i save the credentials ? Will the token in profile ever expire ? If yes, how often does it happen ?
nope not helped
Save-AzureRmProfile : The term ‘Save-AzureRmProfile’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name,
or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ Save-AzureRmProfile -Path c:\New folder\azureprofile.json
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Save-AzureRmProfile:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
You first have to install the Active Directory module.
Nope its not due to the that. I guess recently there some change.
Select-AzureRmContext
Select-AzureRmSubscription
Only these 2 commands are available under Select* function.
Save-AzureRmProfile -Path $Path
have been replaced by
Save-AzureRmContext -Path $Path
and
Select-AzureRmProfile -Path $Path
have been replaced by
Import-AzureRmContext -Path $Path
Is there a way to connect to AzureAD without prompt?
Hi Ramya,
Azure Managed Identity is one of the solutions for passwordless access to ARM Resources. Let me know more details on the scenario to recommend the exact solution for your requirement.