Open bniranjanbhat opened 1 year ago
I also ran into this, took some time to sort out when things that used to work suddenly don't.
@bniranjanbhat and @bemokraig , I cannot reproduce the issue. Could you confirm the issue disappears when you use Az.Accounts 2.10.1 or 2.10.0?
hey @dingmeng-xue I had mentioned this already:
The issue stops occurring if you did like below already once on the machine:
@bniranjanbhat ,
After Disconnect-AzAccount
and Clear-AzContext
are executed, you can assume environment is clean. I cannot see the error after it.
The log shows below error. It's the reason I'd like to get your confirmation that you cannot see the same problem when you use old version. Your answer will help me to provide further analysis.
The provided account asdfasd@asdfa.com does not have access to subscription ID "cleaned". Please try logging in with different credentials or a different subscription ID.
@bemokraig , please check whether your account can access multiple tenant. If one tenant requires stricter authentication approach than the first tenant picked up by Azure PowerShell, you will hit the problem.
So far, this issue can not be resolved on client side because AzureAD determines authN approach according to tenant setting and access policy. Client cannot determine it or predict which tenant needs stricter method.
Description
Using Connect-AzAccount with only subscription ID switch used to work earlier. However, with the latest version (2.10.2), it expects the TenantID also if the account is part of multiple tenants, this breaks backward compatibility.
NOTE: I have also seen another behavior:
Issue script & Debug output
Environment data
Module versions
Error output