Open o-l-a-v opened 2 months ago
Confirmed that the exact same command, with the exact same Entra ID account and tenant works as expected with Az.Accounts
v2.19.0.
+2
I think this is due to the new LoginExperienceV2: https://techcommunity.microsoft.com/t5/azure-tools-blog/announcing-a-new-login-experience-with-azure-powershell-and/ba-p/4109357
It looks like from this article, that WAM is an opt-in preview feature? https://learn.microsoft.com/da-dk/powershell/azure/authenticate-interactive?view=azps-12.0.0
I fixed it with this setting if using user auth: Update-AzConfig -EnableLoginByWam $false
And then run "Connect-AzAccount" again with success.
@nielsck Thanks, can confirm that Connect-AzAccount -UseDeviceAuthentication
works if disabling WAM with Update-AzConfig -EnableLoginByWam $false
.
Too bad you're forced to choose a subscription; I do less and less subscription context based scripting as I tend to use resource graph ( Search-AzGraph
) and API calls ( Invoke-AzRestMethod
) using resource ID directly.
Edit: The last part can be turned off with Set-AzConfig -LoginExperienceV2 'Off'
.
@o-l-a-v agreed, but it works for me when including -TenantId
parameter.
@o-l-a-v Could you provide the debug log of your case?
Connect-AzAccount -Debug -DeviceCode
Actually, our developers are not able to reproduce your cases locally yet.
The case may be affected by MFA feature Microsoft products are recently working on The workaround is to login with tenant as @nielsck mentioned
Connect-AzAccount -Debug -DeviceCode -Tenant $tenantId
Also the case may be affected by WAM
Re-login interactively before you run other Azure PowerShell cmdlets
Connect-AzAccount
If not work, disable WAM temporarily as you do (don't need to disable login experienceV2)
Update-AzConfig -EnableLoginByWam $false
Further, could you provide the following information, thanks
@bfrankMS @nielsck Could you also provide the debug log and answer the questions above so that we can identify your issues, thanks
@msJinLei I could reproduce the results on a test tenant of mine with only security defaults enabled for MFA / Conditional Access ( https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults ).
Output of running with -Debug
.
Description
Az.Accounts
v3.0.0Connect-AzAccount -UseDeviceAuthentication
seems to be broken.Edit: Above command works as it did prior to
Az.Accounts
v3.0.0 if youSet-AzConfig -EnableLoginByWam $false -LoginExperienceV2 'Off'
, thanks @nielsck.Changelog for v3.0.0:
Issue script & Debug output
Environment data
Module versions
Error output