|
| 1 | +--- |
| 2 | +title: Log in with Azure PowerShell |
| 3 | +description: Log in with Azure PowerShell |
| 4 | +services: azure |
| 5 | +author: sdwheeler |
| 6 | +ms.author: sewhee |
| 7 | +manager: carmonm |
| 8 | +ms.product: azure |
| 9 | +ms.service: azure-powershell |
| 10 | +ms.devlang: powershell |
| 11 | +ms.topic: conceptual |
| 12 | +ms.date: 05/15/2017 |
| 13 | +--- |
| 14 | + |
| 15 | +# Log in with Azure PowerShell |
| 16 | + |
| 17 | +Azure PowerShell supports multiple login methods. The simplest way to get started is to log in |
| 18 | +interactively at the command line. |
| 19 | + |
| 20 | +## Interactive log in |
| 21 | + |
| 22 | +1. Type `Connect-AzureRmAccount`. You will get dialog box asking for your Azure credentials. |
| 23 | + |
| 24 | +2. Type the email address and password associated with your account. Azure authenticates and saves |
| 25 | + the credential information, and then closes the window. |
| 26 | + |
| 27 | +## Log in with a service principal |
| 28 | + |
| 29 | +Service principals provide a way for you to create non-interactive accounts that you can use to |
| 30 | +manipulate resources. Service principals are like user accounts to which you can apply rules using |
| 31 | +Azure Active Directory. By granting the minimum permissions needed to a service principal, you can |
| 32 | +ensure your automation scripts are even more secure. |
| 33 | + |
| 34 | +1. If you don't already have a service principal, [create one](create-azure-service-principal-azureps.md). |
| 35 | + |
| 36 | +2. Log in with the service principal. |
| 37 | + |
| 38 | + ```powershell |
| 39 | + Connect-AzureRmAccount -ServicePrincipal -ApplicationId "http://my-app" -Credential $pscredential -TenantId $tenantid |
| 40 | + ``` |
| 41 | +
|
| 42 | + To get your TenantId, log in interactively and then get the TenantId from your subscription. |
| 43 | +
|
| 44 | + ```powershell |
| 45 | + Get-AzureRmSubscription |
| 46 | + ``` |
| 47 | +
|
| 48 | + ``` |
| 49 | + Environment : AzureCloud |
| 50 | + Account : username@contoso.com |
| 51 | + TenantId : XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX |
| 52 | + SubscriptionId : XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX |
| 53 | + SubscriptionName : My Production Subscription |
| 54 | + CurrentStorageAccount : |
| 55 | + ``` |
| 56 | +
|
| 57 | +### Log in using an Azure VM Managed Service Identity |
| 58 | +
|
| 59 | +Managed Service Identity (MSI) is a preview feature of Azure Active Directory. You can use an MSI |
| 60 | +service principal for sign-in, and acquire an app-only access token to access other resources. |
| 61 | +
|
| 62 | +For more information about MSI, see |
| 63 | +[How to use an Azure VM Managed Service Identity (MSI) for sign-in and token acquisition](/azure/active-directory/msi-how-to-get-access-token-using-msi). |
| 64 | +
|
| 65 | +## Log in to another Cloud |
| 66 | +
|
| 67 | +Azure cloud services provide different environments that adhere to the data-handling regulations of |
| 68 | +various governments. If your Azure account is in one the government clouds, you need to specify the |
| 69 | +environment when you sign in. For example, if you account is in the China cloud you sign on using |
| 70 | +the following command: |
| 71 | +
|
| 72 | +```powershell |
| 73 | +Connect-AzureRmAccount -Environment AzureChinaCloud |
| 74 | +``` |
| 75 | + |
| 76 | +Use the following command to get a list of available environments: |
| 77 | + |
| 78 | +```powershell |
| 79 | +Get-AzureRmEnvironment | Select-Object Name |
| 80 | +``` |
| 81 | + |
| 82 | +``` |
| 83 | +Name |
| 84 | +---- |
| 85 | +AzureCloud |
| 86 | +AzureChinaCloud |
| 87 | +AzureUSGovernment |
| 88 | +AzureGermanCloud |
| 89 | +``` |
| 90 | + |
| 91 | +## Learn more about managing Azure role-based access |
| 92 | + |
| 93 | +For more information about authentication and subscription management in Azure, see |
| 94 | +[Manage Accounts, Subscriptions, and Administrative Roles](/azure/active-directory/role-based-access-control-configure). |
| 95 | + |
| 96 | +Azure PowerShell cmdlets for role management |
| 97 | + |
| 98 | +* [Get-AzureRmRoleAssignment](/powershell/module/AzureRM.Resources/Get-AzureRmRoleAssignment) |
| 99 | +* [Get-AzureRmRoleDefinition](/powershell/module/AzureRM.Resources/Get-AzureRmRoleDefinition) |
| 100 | +* [New-AzureRmRoleAssignment](/powershell/module/AzureRM.Resources/New-AzureRmRoleAssignment) |
| 101 | +* [New-AzureRmRoleDefinition](/powershell/module/AzureRM.Resources/New-AzureRmRoleDefinition) |
| 102 | +* [Remove-AzureRmRoleAssignment](/powershell/module/AzureRM.Resources/Remove-AzureRmRoleAssignment) |
| 103 | +* [Remove-AzureRmRoleDefinition](/powershell/module/AzureRM.Resources/Remove-AzureRmRoleDefinition) |
| 104 | +* [Set-AzureRmRoleDefinition](/powershell/moduel/AzureRM.Resources/Set-AzureRmRoleDefinition) |
0 commit comments