Everyone having experience running Azure CLI and PowerShell scripts locally know that it can be challenging at times… especially the login process is kind of cumbersome. That’s why I came up with this initiative to build a set of scripts you can choose from to simplify your signing experience and ensure a smooth fit and finish for you!
Let’s first start off with a few fun facts:
Az CLI vs Az PowerShell
Did you know Az CLI is based off of Python, yet the CLI in portal will open a BASH shell(similar to a shell found on a Linux/Mac OSX computer), and on a Windows PC, you can call the Az CLI commands in PowerShell too?
And did you know Az PowerShell (Through PowerShell Core) works well on Windows, Linux and, Mac OSX?
Now let’s head on talking local logins.
For the testing, I will be using the Powershell terminal, however, an IDE like Visual Studio Code will give you the same experience.
Option 1 The Manual Way:
Import the PowerShell module for Azure and run “Connect-AzAccount”.
It will look like this.
You will now see a popup which allows you to signin:
After signing in, you select a subscription like below, whereafter are now signed in to Azure via the PowerShell module
Hereafter, if the Azure CLI is installed run “az login” to login to the Azure CLI. Repeat the steps above
Note:
Alternatively, you could supply the Connect-AzAccount with ‘-UseDeviceAuthentication’.
As well as the az login with the ‘–use-device-code’
This allows you to click on a link, enter the code specified in the terminal, and then signin by choosing your account, This might save time if you are already signed in from your browser.
Option 2, Why not Automate?:
It does the same, via PowerShell, but also checks if you are signed in already and then ignores a retry.
Feel free to remove the ‘UseDeviceAuthentication’ and ‘use-device-code’ flags if they are not convenient for you
It looks like this:
# More scripts alike this one can be found here
param(
[string]$tenant #ReplaceMe with your tenant
)
function ExplicitLogin {
param (
[bool]$isCLI=$false
)
if(-not $isCli){
Write-Output "Attempting explicit Azure Powershell login to Tenant: $tenant"
Connect-AzAccount -UseDeviceAuthentication -TenantId $tenant
} else {
# Try to log in explicitly with the specified scope
Write-Output "Attempting explicit Azure CLI login with scope: $tenant"
az login --use-device-code --tenant $tenant
}
}
function ClearAzAccountCache {
param(
[bool]$isCLI=$false
)
if(-not $isCLI){
# Clear any cached Azure account information
Write-Output "Clearing Azure Powershell account cache..."
Clear-AzContext -Force
} else {
# Clear any cached Azure account information
Write-Output "Clearing Azure CLI account cache..."
az account clear
}
}
#Running all AzPowerShellLogincheck
try {
$groupcheck = Get-AzResourceGroup | Out-Null
if ($groupCheck.Count -eq 0) {
Write-Output "No active Azure CLI session detected. Attempting login..."
ExplicitLogin
}
}
catch {
# If there's an authentication error, clear cache and log in again
Write-Output "Authentication error detected. Clearing cache. Please rerun the script!"
ClearAzAccountCache
ExplicitLogin
}
#Running all AzCliLogincheck
try {
# Check if the user is logged in
$groupCheck = az group list --output none
if ($groupCheck.Count -eq 0) {
Write-Output "No active Azure CLI session detected. Attempting login..."
ExplicitLogin($true)
} else {
Write-Output "Azure CLI session is active."
}
} catch {
# If there's an authentication error, clear cache and log in again
Write-Output "Authentication error detected. Clearing cache. Please rerun the script!"
ClearAzAccountCache($true)
}
Conclusion:
There is not just one way to sign into Azure and there is definitely not a right or a wrong here the main thing to keep in mind is that you should pick the method that works for you give it a try and see which one you like best.
Leave a Reply