The PowerShell cmdlet Save-AzureRmProfile allows you save your Azure credentials in a JavaScript object notation (JSON) file, which enables you to sign into Azure automatically with the Select-AzureRmProfile cmdlet without entering the account name and password.

Derek Schauland

Derek Schauland has been working in IT for more than 20 years. For almost as long, he has been authoring technical articles to help others learn about new technologies. Derek is a multiyear Microsoft MVP in Cloud and Datacenter Management.

Latest posts by Derek Schauland (see all)

PowerShell is the best way to manage Azure, because scripting allows you to automate many tasks. For instance, you can push virtual machines to the cloud and turn them on, turn them off, or even schedule them to be turned off (and back on during business hours) to save money.

With the Azure cmdlets for PowerShell, you can do all those things within the Azure Service Manager platform. However, Azure is moving toward the Azure Resource Management (ARM) platform, and a new set of tools and methods is available for working with the fabric. Not all the tools and resources are over there yet, but more are coming all the time. For more info, comparing the old and new tools, please visit this page. In this post, we focus on the new ARM platform, and I assume that you have the AzureRM cmdlets installed.

Log in to Azure with Login-AzureRmAccount ^

To use any of the cmdlets in the AzureRM module, you need to log in. This requires that you have an Azure subscription. Of course, the main reason you need to sign in isn’t because Microsoft just wants to know who uses its cloud, but you are also supposed to pay for the resources you use.

To see whether you are logged in or not, you can run the Get-AzureRmResourceGroup cmdlet, which allows you see the number of resource groups with their names in your subscription. If you didn’t sign in, you will receive the error message Run Login-AzureRmAccount to login.

Error message indicates that you are not logged in.

Error message indicates that you are not logged in.

When I run Login-AzureRmAccount, I see a dialog like the one below, asking for credentials:

Signing in to Azure

Signing in to Azure

This will log me in to the specified Azure account and display information about my subscription as shown below:

Successful sign in to Azure

Successful sign in to Azure

Now that I’m logged in, I can use Get-AzureRmresourceGroup to view my Azure resources with PowerShell:

Select Resource Group name after profile-based login

Select Resource Group name after profile-based login

Saving credentials with Save-AzureRmProfile ^

A downside of the method described above is that you always have to enter your credentials before you start working with Azure. A more convenient way is to store your credentials in a file:

This will create the file azureprofile.json, which contains all the login information for your Azure account.

Important Note: This file is a plain-text JSON file. If an unauthorized person gains access to this file, it would compromise your Azure account, and this person could use Azure resources on your costs. Thus, you should treat the file like cash.

Obviously, we have a clear case where you have to weigh security against convenience. However, the advantage of storing your credentials in a JSON file is not just that you can quickly sign in; it also allows you to authenticate easily from within your PowerShell scripts.

Logging in with Select-AzureRmProfile ^

Logging in with the profile is as easy as calling the Select-AzureRmProfile cmdlet, passing the JSON file you saved previously:

After you log in, Azure will display some information about your subscription:

Successful log in with Select-AzureRmProfile

Successful log in with Select-AzureRmProfile

One thing to note: You can work with only one profile at a time, because it is tied to the subscription. If you want to work with multiple subscriptions simultaneously, you will need to build and select another profile.

For each subscription you work with, follow these steps:

  1. Log in to the Azure subscription with Login-AzureRmAccount.
  2. Save a profile for that subscription as a JSON file with Save-AzureRmProfile -path “c:\folder\contoso-profile.json”.
  3. Import the profile for the subscription you are accessing with Select-AzureRmProfile -path “c:\folder\contoso-profile.json”.

Once you create and store the profiles, logging in is as easy as importing the JSON file for the subscription you need.

To keep customer data segregated from other customers (because subscriptions are separated by tenants), only one subscription may be active at a time in a single session; however, you can log in to multiple subscriptions by using multiple PowerShell sessions.

That’s all there is to it.  Now you can use all the PowerShell cmdlets in the AzureRM module to work with your subscription(s).

Win the monthly 4sysops member prize for IT pros

Share
0

Related Posts

13 Comments
  1. Trevor Sullivan 2 years ago

    If you install the AzureExt module on the PowerShell Gallery, there's a command called Start-AzureRM that handles this for you.

    Cheers,
    Trevor Sullivan
    Microsoft MVP: PowerShell

    0

  2. Derek Schauland 2 years ago

    Thanks for the tip Trevor.  It's amazing how fast these features morph into better versions of themselves with the help of the community.

     

    -Derek

    0

  3. Kevin 1 year ago

    I was going mad with automation accounts and run books.  We had this working in Classic Azure (ASM) using publish settings (Import-AzurePublishSettingsFile) but couldn't find anything in ARM.

    This means we can rework the old scripts which had considerable error checking and email alerts built-in and re-use for new ARM deployments.

    0

  4. Paul Sheldon 1 year ago

    Trevor, I'm following the steps above but for some reason, after what looks like a successful login (the environment, Account, TenentId etc are all listed) I then run another command such as Get-AzureRmResourceGroup immediately and I still get the "Run Login-AzureRmAccount to login" error.  Any ideas what this might be?

    2+

  5. David 9 months ago

    Thank you!  This has worked very well for me, but I have one issue I'm trying to resolve with the lifetime of the saved credentials.  I'm trying to find a way to check the imported credentials (from the .json file) to see if they're still valid, and then call Login-AzureRmAccount, and Save-AzureRmProfile to update the credentials when they expire.  Have you found a way to handle this scenario?

    3+

  6. Ed 8 months ago

    Is there a simple way to get the Azure account name?  i.e. the Email address used to authenticate for a logged-in user?

    0

    • Ed 8 months ago

      I'd like to add it to a variable - just the user name.

      0

  7. Ali Khan 8 months ago

    Thank you, this helped me tremendously.

    0

  8. Guy Leech 6 months ago

    It now seems to be Save-AzureRmContext and Import-AzureRmContext

    0

  9. Stephen Dillon 6 months ago

    I followed the instructions and validated the profile but receive the following error. "The Azure Powershell session has not been properly installed. Please import the module and try again." Troubleshooting this online seems to direct me to seek a solution that will allow me to login to the RM account but that's what I want to do with this.

    0

  10. Murali 5 months ago

    Firstly, Thanks for the Article.
    Will I get to regularly refresh the token even if i save the credentials ? Will the token in profile ever expire ? If yes, how often does it happen ?

    0

  11. Suresh Udhayakumar 2 months ago

    nope not helped

    Save-AzureRmProfile : The term 'Save-AzureRmProfile' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name,
    or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + Save-AzureRmProfile -Path c:\New folder\azureprofile.json
    + ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Save-AzureRmProfile:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    0

Leave a reply to Murali Click here to cancel the reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account