Login-AzureRmAccount, Add-AzureRmAccount or Connect-AzureRmAccount, there appears to be a lot of different ways to authenticate to an Azure subscription if you’re using PowerShell!

When in Doubt, use Connect-AzureRmAccount

When I first started working with Azure in PowerShell, I was severely confused. I’d find some articles talking about using Login-AzureRmAccount while others mentioned using Add-AzureRmAccount but few mentioning Connect-AzureRmAccount. Which one do I use in what kind of circumstances? What is going on here?!?

I’m here to tell you if you’re struggling with the same problem I was, the solution is a lot easier than you might expect. Although there may seem to be three different commands to authenticate to Azure with PowerShell, in reality, there’s only one. It is Connect-AzureRmAccount. Both Login-AzureRmAccount and Add-AzureRmAccount are only aliases to the Connect command.

I’m here to tell you to just use Connect-AzureRmAccountand you’ll be good as gold. I don’t recommend using aliases, if possible just because it makes things confusing as you can vouch for. With people using different ways to accomplish the same task, it’s hard to figure out what exactly is happening.


Ready to stop reading and start learning about PowerShell, DSC, Windows Server, Sharepoint, IIS and dozens of other categories? If so, check out the hundreds of free technical demo screencasts available on the new, IT career development platform TechSnips.

Feel free to verify me by using Get-Alias.

Authenticating with Login-AzureRmAccount

Just because Login-AzureRmAccount is the most searched term to authenticate to Azure, I will be using it in the rest of this post. However, if you’re building Azure scripts with PowerShell, I always recommend using Connect-AzureRmAccount!

There are lots of ways to authenticate to Azure using Login-AzureRmAccount. The method to do so depends on what resources you’re authenticating to. For example, there are roughly five different ways to authenticate to Azure.

Signing in Interactively

The most common way people just starting to work with Azure will connect interactively. This means, they will run Login-AzureRmAccount and will be prompted for credentials.

Login-AzureRmAccount

This method works if you have a Microsoft or organizational Office 365 account and don’t need to automate the task.

Signing in with a Service Principal

You can also use a service principal to authenticate. This along with the managed service identity is the way to go if you need to authenticate in an automated script. However, this requires creating an Azure Active Directory application along with the service principal itself which is a little set up ahead of time. For a full overview of how to get that set up, you can check out this TechSnips video entitled How To Create And Authenticate To Azure With A Service Principal Using PowerShell. It covers all of the steps you need to get one set up.

Authenticating with a service principal will force you to use the Login-AzureRmAccount Credential and ServicePrincipal parameters.

Signing in with a Managed Service Identity

Another way is used managed service identities which, to be honest, I have never done before. I’ve provided a link in this section to get an overview of that. Some of the commands used with Login-AzureRmAccount when authenticating with managed service identities are

Signing in as a Cloud Solution Provider (CSP)

If your company is a Microsoft partner and uses Azure services to directly provide resources to your customers, you may use Login-AzureRmAccount and use the TenantId parameter. This is required to specify a different Azure AD tenant.

Signing into a Non-Public Cloud

Finally, although not too common is the ability to authenticate to a non-public cloud like a government or country cloud. These clouds are represented by an Azure environment using the Environment parameter on Login-AzureRmAccount. If you don’t know the environment name, you can always use the Get-AzureRmEnvironment command.

Wrap Up

As you can see, there are a lot of different ways to authenticate to Azure because Azure is a big service! Using Login-AzureRmAccount (Connect-AzureRmAccount) with PowerShell, you’ll able to provide all of the necessary parameters Azure needs to interactively or non-interactively process your credentials and allow you to get going!

%d bloggers like this: