- OpenVPN IPv6 and IPv4 configuration - Mon, Mar 1 2021
- 4sysops author and member competition 2020 - Fri, Jan 1 2021
- Assign an IPv6 address to an EC2 instance (dual stack) - Tue, Dec 15 2020
In my view, the sign-in procedure to the Azure management portal (https://manage.windowsazure.com/) is unnecessarily longwinded. It annoys me every time I have to sign in. Azure is the only cloud service I know that needs three different web pages to authenticate users. The main reason I am unhappy with this is that it doesn’t allow me to use my password management tools to sign in. It appears the developer who is behind this procedure assumes that most IT pros really type their user name and password. At least that is what the first page suggests (see screenshot below).
I don’t know about you, but if I always had to type my credentials when I sign in to a service, I would lose a lot of time every day. It is not just the time I need to type the credentials. If security matters to you, you have a different password for every service, and you use only passwords that are impossible to crack with brute force attacks. If you really can memorize all your passwords, then you most certainly have a severe security problem.
The only secure way I know to always use a secure and different password for each service is to work with a password management tool. My favorite password tool for Windows is KeePass because its database format has become something like an open standard. This means that you can easily sync the database between different devices with different operating systems. I am using KyPass Companion on the Mac and Keepass2Android on my Android phone, always with the same database.
Okay, that was a long prelude for today’s topic. I just wanted to make it clear that I spent some time optimizing my authentication methods, which is why Azure’s inefficient sign-in procedure annoys me.
First, you are supposed to type your email address or phone number:
First step to sign in to Microsoft Azure
Any other cloud service provider would put the password field on the same page. If you think that the password field would follow on the second page after you click Continue, you are wrong:
Second step to sign in to Microsoft Azure
Instead, the “Azure authentication wizard” now wants to know with what kind of account I intend to sign in. You can choose between a Microsoft account or a work/school account. (Microsoft misleadingly calls Office 365 accounts work or school accounts.)
We are now at the core of the problem. Microsoft made a big mistake working with two different directories for its cloud services. Because it is possible that a particular user name exists in both databases, the wizard has to ask with which account you intend to sign in. To be fair, the second page only appears if the account name exists in both directories.
On the last page, you are finally allowed to enter your password:
Third step to sign in to Microsoft Azure
If you think you can bookmark the last page, you are wrong because this is just a temporary URL. You can open the page later, but if you then try to sign in, you will receive the error message “We are having trouble logging you into the portal.” This error message shows up on various occasions. Cookies and third-party browsers appear to be another problem.
Microsoft's dual sign-on is in trouble
Microsoft could improve the Azure “sign-in experience” in several ways. One way would be to let users enter the account name and password on a single page and display a popup box where the user can choose the directory only if the user name exists in both databases. Another option would be to offer two different sign-in pages and only ask users the first time which page they want to be redirected to.
The best way would be to unite those two directories. This would be painful, but it is better than bothering customers again and again. This longwinded sign-in procedure is only one problem. Over the years, I had several issues because my account exists in both directories.
I’m not sure what you mean by this. I may be embarrassing myself with this post. Perhaps there is an official way to avoid the “Azure authentication wizard.” The only way I found is this one:
This URL will also redirect to https://login.live.com/, but after you sign in you will be sent to the Azure profile page:
Azure profile page
It is not really a one-step solution because you have to click the Portal link to get to the Azure Management Portal. But at least this all works without type-type if you have a password management tool. Note that this sign-in method can only be used with Microsoft accounts. You can’t sign in this way with an Office 365 account.
Please let me know if you know a better way to sign in to Azure. Also share your experiences with Microsoft’s “dual sign-in solution.”