`Az.Accounts` v3.0.0 `Connect-AzAccount -UseDeviceAuthentication` is broken

[o-l-a-v]

Description

Az.Accounts v3.0.0 Connect-AzAccount -UseDeviceAuthentication seems to be broken.

Edit: Above command works as it did prior to Az.Accounts v3.0.0 if you Set-AzConfig -EnableLoginByWam $false -LoginExperienceV2 'Off', thanks @nielsck.

Changelog for v3.0.0:

• https://github.com/Azure/azure-powershell/blob/main/src%2FAccounts%2FAccounts%2FChangeLog.md

Issue script & Debug output

PowerShell Core v7.4.2 x64
PS C:\Users\olav.birkeland> Clear-AzContext -Force
PS C:\Users\olav.birkeland> Connect-AzAccount -UseDeviceAuthentication
Please select the account you want to login with.

[Login to Azure] To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code <redacted> to authenticate.
Retrieving subscriptions for the selection...
WARNING: Unable to acquire token for tenant '<redacted>' with error 'Authentication failed against tenant <redacted>. User interaction is required. This may be due to the conditional access policy settings such as multi-factor authentication (MFA). If you need to access subscriptions in that tenant, please rerun 'Connect-AzAccount' with additional parameter '-TenantId <redacted>'.'
WARNING: Unable to set default context 'Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureContext'.
Connect-AzAccount: Run Connect-AzAccount to login.

PS C:\Users\olav.birkeland>

Environment data

PowerShell v7.4.2 x64 on Windows 11 23H2

Module versions

Az.Accounts v3.0.0

Error output

PS C:\Users\olav.birkeland> (Resolve-AzError -Last).Exception

ErrorRecord    : Run Connect-AzAccount to login.
TargetSite     : Microsoft.Azure.Commands.Common.Authentication.Abstractions.IAzureContext get_DefaultContext()
Message        : Run Connect-AzAccount to login.
Data           : {}
InnerException :
HelpLink       :
Source         : Microsoft.Azure.PowerShell.Cmdlets.Accounts
HResult        : -2146233079
StackTrace     :    at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.get_DefaultContext()
                    at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.ListTenants(String tenant)
                    at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.ListSubscriptions(String tenantIdOrDomain)
                    at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.Login(IAzureAccount account, IAzureEnvironment environment, String tenantIdOrName, String subscriptionId, String subscriptionName,
                 SecureString password, Boolean skipValidation, IOpenIDConfiguration openIDConfigDoc, Action`1 promptAction, String name, Boolean shouldPopulateContextList, Int32 maxContextPopulation, String authScope,
                 Boolean isInteractiveAuthenticationFlow, Boolean IsInteractiveContextSelectionEnabled)
                    at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.<>c__DisplayClass134_2.<ExecuteCmdlet>b__7()
                    at System.Threading.Tasks.Task`1.InnerInvoke()
                    at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
                 --- End of stack trace from previous location ---
                    at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
                    at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
                 --- End of stack trace from previous location ---
                    at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.<>c__DisplayClass134_1.<ExecuteCmdlet>b__1(AzureRmProfile localProfile, RMProfileClient profileClient, String name)
                    at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.<>c__DisplayClass149_0.<SetContextWithOverwritePrompt>b__0(AzureRmProfile prof, RMProfileClient client)
                    at Microsoft.Azure.Commands.Profile.Common.AzureContextModificationCmdlet.ModifyContext(Action`2 contextAction)
                    at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.SetContextWithOverwritePrompt(Action`3 setContextAction)
                    at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()

PS C:\Users\olav.birkeland>

[o-l-a-v]

Confirmed that the exact same command, with the exact same Entra ID account and tenant works as expected with Az.Accounts v2.19.0.

[bfrankMS]

+2

[nielsck]

I think this is due to the new LoginExperienceV2: https://techcommunity.microsoft.com/t5/azure-tools-blog/announcing-a-new-login-experience-with-azure-powershell-and/ba-p/4109357

It looks like from this article, that WAM is an opt-in preview feature? https://learn.microsoft.com/da-dk/powershell/azure/authenticate-interactive?view=azps-12.0.0

I fixed it with this setting if using user auth: Update-AzConfig -EnableLoginByWam $false

And then run "Connect-AzAccount" again with success.

[o-l-a-v]

@nielsck Thanks, can confirm that Connect-AzAccount -UseDeviceAuthentication works if disabling WAM with Update-AzConfig -EnableLoginByWam $false.

Too bad you're forced to choose a subscription; I do less and less subscription context based scripting as I tend to use resource graph ( Search-AzGraph ) and API calls ( Invoke-AzRestMethod ) using resource ID directly.

Edit: The last part can be turned off with Set-AzConfig -LoginExperienceV2 'Off'.

[nielsck]

@o-l-a-v agreed, but it works for me when including -TenantId parameter.

[msJinLei]

@o-l-a-v Could you provide the debug log of your case?

Connect-AzAccount -Debug -DeviceCode

Actually, our developers are not able to reproduce your cases locally yet.

The case may be affected by MFA feature Microsoft products are recently working on The workaround is to login with tenant as @nielsck mentioned

Connect-AzAccount -Debug -DeviceCode -Tenant $tenantId

Also the case may be affected by WAM

Re-login interactively before you run other Azure PowerShell cmdlets

Connect-AzAccount

If not work, disable WAM temporarily as you do (don't need to disable login experienceV2)

Update-AzConfig -EnableLoginByWam $false

Further, could you provide the following information, thanks

• Do you login with a Microsoft account or tenant account?
• Does your tenant enable MFA or other related conditional access policy recently?

@bfrankMS @nielsck Could you also provide the debug log and answer the questions above so that we can identify your issues, thanks

[o-l-a-v]

@msJinLei I could reproduce the results on a test tenant of mine with only security defaults enabled for MFA / Conditional Access ( https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults ).

Output of running with -Debug.

Click to expand

``` PowerShell Core v7.4.2 x64 PS C:\Users\olav.birkeland> Clear-AzContext -Force PS C:\Users\olav.birkeland> Clear-AzConfig -Force PS C:\Users\olav.birkeland> Connect-AzAccount -UseDeviceAuthentication -Debug DEBUG: 08:55:01 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: 08:55:01 - ConnectAzureRmAccountCommand begin processing with ParameterSet 'UserWithSubscriptionId'. DEBUG: 08:55:01 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: 08:55:01 - [ConfigManager] Got nothing from [DefaultSubscriptionForLogin], Module = [], Cmdlet = []. Returning default value []. Confirm Are you sure you want to perform this action? Performing the operation "log in" on target "User account in environment 'AzureCloud'". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): a DEBUG: 08:55:08 - Autosave setting from startup session: 'CurrentUser' DEBUG: 08:55:08 - No autosave setting detected in environment variable 'AzContextAutoSave'. DEBUG: 08:55:08 - Using Autosave scope 'CurrentUser' Please select the account you want to login with. DEBUG: 08:55:08 - [DeviceCodeAuthenticator] Calling DeviceCodeCredential.AuthenticateAsync - TenantId:'', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/' DEBUG: DeviceCodeCredential.Authenticate invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:08Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] MSAL MSAL.CoreCLR with assembly version '4.60.3.0'. CorrelationId(a3cf32c0-d6f4-4bdd-baf9-f86d1789f977) DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:08Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] === Request Data === Authority Provided? - True Scopes - https://management.core.windows.net//.default Extra Query Params Keys (space separated) - ApiId - AcquireTokenByDeviceCode IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - False HomeAccountId - False CorrelationId - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977 UserAssertion set: False LongRunningOboCacheKey set: False Region configured: DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:08Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] === Token Acquisition (DeviceCodeRequest) started: Scopes: https://management.core.windows.net//.default Authority Host: login.microsoftonline.com DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:08Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] [Instance Discovery] Instance discovery is enabled and will be performed DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:08Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:08Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Fetching instance discovery from the network from host login.microsoftonline.com. DEBUG: Request [9b52aef6-4b8f-43d7-ba78-89b6d6496738] GET https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=REDACTED x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-app-name:REDACTED x-app-ver:REDACTED x-ms-client-request-id:9b52aef6-4b8f-43d7-ba78-89b6d6496738 x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.11.2 (.NET 8.0.4; Microsoft Windows 10.0.22631) client assembly: Azure.Identity DEBUG: Response [9b52aef6-4b8f-43d7-ba78-89b6d6496738] 200 OK (00.1s) Cache-Control:max-age=86400, private Strict-Transport-Security:REDACTED X-Content-Type-Options:REDACTED Access-Control-Allow-Origin:REDACTED Access-Control-Allow-Methods:REDACTED P3P:REDACTED client-request-id:REDACTED x-ms-request-id:93cc44b8-31ea-4929-8ef9-75c3da432000 x-ms-ests-server:REDACTED x-ms-srs:REDACTED X-XSS-Protection:REDACTED Set-Cookie:REDACTED Date:Thu, 23 May 2024 06:55:09 GMT Content-Type:application/json; charset=utf-8 Content-Length:957 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:08Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Authority validation enabled? True. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:08Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Authority validation - is known env? True. DEBUG: Request [784af911-2c49-47e7-87ad-a0e3cf2daede] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-app-name:REDACTED x-app-ver:REDACTED Content-Type:application/x-www-form-urlencoded x-ms-client-request-id:784af911-2c49-47e7-87ad-a0e3cf2daede x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.11.2 (.NET 8.0.4; Microsoft Windows 10.0.22631) client assembly: Azure.Identity DEBUG: Response [784af911-2c49-47e7-87ad-a0e3cf2daede] 200 OK (00.1s) Cache-Control:no-store, no-cache Pragma:no-cache Strict-Transport-Security:REDACTED X-Content-Type-Options:REDACTED P3P:REDACTED client-request-id:REDACTED x-ms-request-id:4e950f94-9f59-4252-bd02-5fc30a81e700 x-ms-ests-server:REDACTED x-ms-clitelem:REDACTED x-ms-srs:REDACTED X-XSS-Protection:REDACTED Set-Cookie:REDACTED Date:Thu, 23 May 2024 06:55:09 GMT Content-Type:application/json; charset=utf-8 Expires:-1 Content-Length:473 [Login to Azure] To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code LPEFAVQ94 to authenticate. DEBUG: Request [ae681309-f3dd-4045-b369-01f1b0586a25] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/token x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED x-client-current-telemetry:REDACTED x-client-last-telemetry:REDACTED x-ms-lib-capability:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-app-name:REDACTED x-app-ver:REDACTED Content-Type:application/x-www-form-urlencoded x-ms-client-request-id:ae681309-f3dd-4045-b369-01f1b0586a25 x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.11.2 (.NET 8.0.4; Microsoft Windows 10.0.22631) client assembly: Azure.Identity DEBUG: Error response [ae681309-f3dd-4045-b369-01f1b0586a25] 400 Bad Request (00.1s) Cache-Control:no-store, no-cache Pragma:no-cache Strict-Transport-Security:REDACTED X-Content-Type-Options:REDACTED P3P:REDACTED client-request-id:REDACTED x-ms-request-id:7e8b02ba-f862-4eb2-a09a-44dc12ec3600 x-ms-ests-server:REDACTED x-ms-clitelem:REDACTED x-ms-srs:REDACTED X-XSS-Protection:REDACTED Set-Cookie:REDACTED Date:Thu, 23 May 2024 06:55:09 GMT Content-Type:application/json; charset=utf-8 Expires:-1 Content-Length:501 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:08Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Request retry failed. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:08Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] HttpStatusCode: 400: BadRequest DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:08Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Exception type: Microsoft.Identity.Client.MsalServiceException , ErrorCode: authorization_pending HTTP StatusCode 400 CorrelationId a3cf32c0-d6f4-4bdd-baf9-f86d1789f977 Microsoft Entra ID Error Code AADSTS70016 To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging DEBUG: Request [8700d2a3-d3c5-4384-92c5-d4a13c263f8d] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/token x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED x-client-current-telemetry:REDACTED x-client-last-telemetry:REDACTED x-ms-lib-capability:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-app-name:REDACTED x-app-ver:REDACTED Content-Type:application/x-www-form-urlencoded x-ms-client-request-id:8700d2a3-d3c5-4384-92c5-d4a13c263f8d x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.11.2 (.NET 8.0.4; Microsoft Windows 10.0.22631) client assembly: Azure.Identity DEBUG: Error response [8700d2a3-d3c5-4384-92c5-d4a13c263f8d] 400 Bad Request (00.2s) Cache-Control:no-store, no-cache Pragma:no-cache Strict-Transport-Security:REDACTED X-Content-Type-Options:REDACTED P3P:REDACTED client-request-id:REDACTED x-ms-request-id:ece6356e-1372-42c5-9a5f-7550d7410c00 x-ms-ests-server:REDACTED x-ms-clitelem:REDACTED x-ms-srs:REDACTED X-XSS-Protection:REDACTED Set-Cookie:REDACTED Date:Thu, 23 May 2024 06:55:14 GMT Content-Type:application/json; charset=utf-8 Expires:-1 Content-Length:501 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:13Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Request retry failed. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:13Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] HttpStatusCode: 400: BadRequest DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:13Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Exception type: Microsoft.Identity.Client.MsalServiceException , ErrorCode: authorization_pending HTTP StatusCode 400 CorrelationId a3cf32c0-d6f4-4bdd-baf9-f86d1789f977 Microsoft Entra ID Error Code AADSTS70016 To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging DEBUG: Request [eae3fb86-5ea6-45bb-8607-09585a257c77] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/token x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED x-client-current-telemetry:REDACTED x-client-last-telemetry:REDACTED x-ms-lib-capability:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-app-name:REDACTED x-app-ver:REDACTED Content-Type:application/x-www-form-urlencoded x-ms-client-request-id:eae3fb86-5ea6-45bb-8607-09585a257c77 x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.11.2 (.NET 8.0.4; Microsoft Windows 10.0.22631) client assembly: Azure.Identity DEBUG: Error response [eae3fb86-5ea6-45bb-8607-09585a257c77] 400 Bad Request (00.1s) Cache-Control:no-store, no-cache Pragma:no-cache Strict-Transport-Security:REDACTED X-Content-Type-Options:REDACTED P3P:REDACTED client-request-id:REDACTED x-ms-request-id:43de2b2d-c31f-4db9-9545-be063182b600 x-ms-ests-server:REDACTED x-ms-clitelem:REDACTED x-ms-srs:REDACTED X-XSS-Protection:REDACTED Set-Cookie:REDACTED Date:Thu, 23 May 2024 06:55:19 GMT Content-Type:application/json; charset=utf-8 Expires:-1 Content-Length:501 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:18Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Response status code does not indicate success: 400 (BadRequest). DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:18Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Request retry failed. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:18Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] HttpStatusCode: 400: BadRequest DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:18Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Exception type: Microsoft.Identity.Client.MsalServiceException , ErrorCode: authorization_pending HTTP StatusCode 400 CorrelationId a3cf32c0-d6f4-4bdd-baf9-f86d1789f977 Microsoft Entra ID Error Code AADSTS70016 To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging DEBUG: Request [c9909020-cb26-4592-8c02-1d4f08a26757] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/token x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED x-client-current-telemetry:REDACTED x-client-last-telemetry:REDACTED x-ms-lib-capability:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-app-name:REDACTED x-app-ver:REDACTED Content-Type:application/x-www-form-urlencoded x-ms-client-request-id:c9909020-cb26-4592-8c02-1d4f08a26757 x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.11.2 (.NET 8.0.4; Microsoft Windows 10.0.22631) client assembly: Azure.Identity DEBUG: Error response [c9909020-cb26-4592-8c02-1d4f08a26757] 400 Bad Request (00.1s) Cache-Control:no-store, no-cache Pragma:no-cache Strict-Transport-Security:REDACTED X-Content-Type-Options:REDACTED P3P:REDACTED client-request-id:REDACTED x-ms-request-id:1c2843c0-f561-4875-8bda-b0baf1a13600 x-ms-ests-server:REDACTED x-ms-clitelem:REDACTED x-ms-srs:REDACTED X-XSS-Protection:REDACTED Set-Cookie:REDACTED Date:Thu, 23 May 2024 06:55:24 GMT Content-Type:application/json; charset=utf-8 Expires:-1 Content-Length:501 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:23Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Response status code does not indicate success: 400 (BadRequest). DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:23Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Request retry failed. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:23Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] HttpStatusCode: 400: BadRequest DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:23Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Exception type: Microsoft.Identity.Client.MsalServiceException , ErrorCode: authorization_pending HTTP StatusCode 400 CorrelationId a3cf32c0-d6f4-4bdd-baf9-f86d1789f977 Microsoft Entra ID Error Code AADSTS70016 To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging DEBUG: Request [1b4fae71-3f12-47ae-9a2e-dc26cb5c148f] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/token x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED x-client-current-telemetry:REDACTED x-client-last-telemetry:REDACTED x-ms-lib-capability:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-app-name:REDACTED x-app-ver:REDACTED Content-Type:application/x-www-form-urlencoded x-ms-client-request-id:1b4fae71-3f12-47ae-9a2e-dc26cb5c148f x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.11.2 (.NET 8.0.4; Microsoft Windows 10.0.22631) client assembly: Azure.Identity DEBUG: Error response [1b4fae71-3f12-47ae-9a2e-dc26cb5c148f] 400 Bad Request (00.1s) Cache-Control:no-store, no-cache Pragma:no-cache Strict-Transport-Security:REDACTED X-Content-Type-Options:REDACTED P3P:REDACTED client-request-id:REDACTED x-ms-request-id:b9f8cbf6-1195-4984-b8c7-5cc5afee5100 x-ms-ests-server:REDACTED x-ms-clitelem:REDACTED x-ms-srs:REDACTED X-XSS-Protection:REDACTED Set-Cookie:REDACTED Date:Thu, 23 May 2024 06:55:29 GMT Content-Type:application/json; charset=utf-8 Expires:-1 Content-Length:501 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:28Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Response status code does not indicate success: 400 (BadRequest). DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:28Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Request retry failed. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:28Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] HttpStatusCode: 400: BadRequest DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:28Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Exception type: Microsoft.Identity.Client.MsalServiceException , ErrorCode: authorization_pending HTTP StatusCode 400 CorrelationId a3cf32c0-d6f4-4bdd-baf9-f86d1789f977 Microsoft Entra ID Error Code AADSTS70016 To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging DEBUG: Request [d67cf390-8001-4d69-979a-c8fd51111662] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/token x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED x-client-current-telemetry:REDACTED x-client-last-telemetry:REDACTED x-ms-lib-capability:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-app-name:REDACTED x-app-ver:REDACTED Content-Type:application/x-www-form-urlencoded x-ms-client-request-id:d67cf390-8001-4d69-979a-c8fd51111662 x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.11.2 (.NET 8.0.4; Microsoft Windows 10.0.22631) client assembly: Azure.Identity DEBUG: Response [d67cf390-8001-4d69-979a-c8fd51111662] 200 OK (00.5s) Cache-Control:no-store, no-cache Pragma:no-cache Strict-Transport-Security:REDACTED X-Content-Type-Options:REDACTED P3P:REDACTED client-request-id:REDACTED x-ms-request-id:ba0d159b-91b4-415d-8ea1-0f673c5c0700 x-ms-ests-server:REDACTED x-ms-clitelem:REDACTED x-ms-srs:REDACTED X-XSS-Protection:REDACTED Set-Cookie:REDACTED Date:Thu, 23 May 2024 06:55:35 GMT Content-Type:application/json; charset=utf-8 Expires:-1 Content-Length:4817 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Checking client info returned from the server.. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Saving token response to cache.. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs... DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Looking for scopes for the authority in the cache which intersect with https://management.core.windows.net//.default DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Intersecting scope entries count - 0 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Matching entries after filtering by user - 0 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] [SaveTokenResponseAsync] Saving Id Token and Account in cache ... DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] [SaveTokenResponseAsync] Saving RT in cache... DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Not writing FRT in ADAL legacy cache. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] === Token Acquisition finished successfully: DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] AT expiration time: 23.05.2024 08:18:42 +00:00, scopes: https://management.core.windows.net//.default https://management.core.windows.net//user_impersonation. source: IdentityProvider DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a3cf32c0-d6f4-4bdd-baf9-f86d1789f977] Fetched access token from host login.microsoftonline.com. DEBUG: DeviceCodeCredential.Authenticate succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2024-05-23T08:18:42.3324374+00:00 DEBUG: 08:55:34 - [MsalAccessToken] Calling DeviceCodeCredential.GetTokenAsync - Scopes:'https://management.core.windows.net//.default' DEBUG: DeviceCodeCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] MSAL MSAL.CoreCLR with assembly version '4.60.3.0'. CorrelationId(379ff403-2607-4204-bea6-85cfa9435235) DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] === AcquireTokenSilent Parameters === DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] LoginHint provided: False DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] Account provided: True DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] ForceRefresh: False DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] === Request Data === Authority Provided? - True Scopes - https://management.core.windows.net//.default Extra Query Params Keys (space separated) - ApiId - AcquireTokenSilent IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - False HomeAccountId - False CorrelationId - 379ff403-2607-4204-bea6-85cfa9435235 UserAssertion set: False LongRunningOboCacheKey set: False Region configured: DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] === Token Acquisition (SilentRequest) started: Scopes: https://management.core.windows.net//.default Authority Host: login.microsoftonline.com DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] Access token is not expired. Returning the found cache entry. [Current time (05/23/2024 06:55:34) - Expiration Time (05/23/2024 08:18:42 +00:00) - Extended Expiration Time (05/23/2024 08:18:42 +00:00)] DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] Returning access token found in cache. RefreshOn exists ? False DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] === Token Acquisition finished successfully: DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - 379ff403-2607-4204-bea6-85cfa9435235] AT expiration time: 23.05.2024 08:18:42 +00:00, scopes: https://management.core.windows.net//.default https://management.core.windows.net//user_impersonation. source: Cache DEBUG: DeviceCodeCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2024-05-23T08:18:42.0000000+00:00 DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: GET Absolute Uri: https://management.azure.com/tenants?api-version=2021-01-01 Headers: Accept-Language : en-US x-ms-client-request-id : e1d7ff2e-8124-44e6-b378-c4f6fee8d6b2 Body: DEBUG: ============================ HTTP RESPONSE ============================ Status Code: OK Headers: Cache-Control : no-cache Pragma : no-cache x-ms-throttling-version : v1 x-ms-ratelimit-remaining-tenant-reads: 11999 x-ms-request-id : cf683daa-2ea5-4d0c-9fb0-e8b675636782 x-ms-correlation-request-id : cf683daa-2ea5-4d0c-9fb0-e8b675636782 x-ms-routing-request-id : GERMANYWESTCENTRAL:20240523T065535Z:cf683daa-2ea5-4d0c-9fb0-e8b675636782 Strict-Transport-Security : max-age=31536000; includeSubDomains X-Content-Type-Options : nosniff X-Cache : CONFIG_NOCACHE X-MSEdge-Ref : Ref A: 4F0572BD1FFC4EC68AE93B9CCC3AB036 Ref B: FRA231050416023 Ref C: 2024-05-23T06:55:35Z Date : Thu, 23 May 2024 06:55:35 GMT Body: { "value": [ { "id": "/tenants/14dd0860-3db5-4af6-a0df-a9c66d284f45", "tenantId": "14dd0860-3db5-4af6-a0df-a9c66d284f45", "countryCode": "IE", "displayName": "4hdqqm", "domains": [ "4hdqqm.onmicrosoft.com" ], "tenantCategory": "Home", "defaultDomain": "4hdqqm.onmicrosoft.com", "tenantType": "AAD" } ] } DEBUG: 08:55:34 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'14dd0860-3db5-4af6-a0df-a9c66d284f45', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'admin-olav.birkeland@4hdqqm.onmicrosoft.com' DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - efbd6d14-a602-4b4c-acd9-c8280ec17922] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - efbd6d14-a602-4b4c-acd9-c8280ec17922] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - efbd6d14-a602-4b4c-acd9-c8280ec17922] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - efbd6d14-a602-4b4c-acd9-c8280ec17922] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - efbd6d14-a602-4b4c-acd9-c8280ec17922] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [Runtime] WAM supported OS. Retrieving subscriptions for the selection... DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [RuntimeBroker] ListWindowsWorkAndSchoolAccounts option was not enabled. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - a4ff66a8-b24f-49e4-8354-65cf1b10ebaa] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] Found 1 cache accounts and 0 broker accounts DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] Returning 1 accounts DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - f50df797-7d28-44fd-869e-1ebad313567d] MSAL MSAL.CoreCLR with assembly version '4.60.3.0'. CorrelationId(f50df797-7d28-44fd-869e-1ebad313567d) DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - f50df797-7d28-44fd-869e-1ebad313567d] === AcquireTokenSilent Parameters === DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - f50df797-7d28-44fd-869e-1ebad313567d] LoginHint provided: False DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - f50df797-7d28-44fd-869e-1ebad313567d] Account provided: True DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - f50df797-7d28-44fd-869e-1ebad313567d] ForceRefresh: False DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - f50df797-7d28-44fd-869e-1ebad313567d] === Request Data === Authority Provided? - True Scopes - https://management.core.windows.net//.default Extra Query Params Keys (space separated) - ApiId - AcquireTokenSilent IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - True HomeAccountId - False CorrelationId - f50df797-7d28-44fd-869e-1ebad313567d UserAssertion set: False LongRunningOboCacheKey set: False Region configured: DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - f50df797-7d28-44fd-869e-1ebad313567d] === Token Acquisition (SilentRequest) started: Scopes: https://management.core.windows.net//.default Authority Host: login.microsoftonline.com DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - f50df797-7d28-44fd-869e-1ebad313567d] Broker is configured and enabled, attempting to use broker instead. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [Runtime] WAM supported OS. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - f50df797-7d28-44fd-869e-1ebad313567d] Can invoke broker. Will attempt to acquire token with broker. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0001] WARNING SetAuthorityString:98 Initializing authority from string 'https://login.microsoftonline.com/14dd0860-3db5-4af6-a0df-a9c66d284f45/' without authority type, defaulting to MsSts DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] ERROR ErrorInternalImpl:134 Created an error: 5vt4a, StatusInternal::AccountNotFound, InternalEvent::None, Error Code 0, Context 'Account with id '(pii)' not found' DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:393 Printing Telemetry for Correlation ID: f50df797-7d28-44fd-869e-1ebad313567d DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: start_time, Value: 2024-05-23T06:55:34.000Z DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: api_name, Value: ReadAccountById DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: was_request_throttled, Value: false DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: authority_type, Value: Unknown DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: msal_version, Value: 1.1.0+local DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: correlation_id, Value: f50df797-7d28-44fd-869e-1ebad313567d DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: broker_app_used, Value: false DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: stop_time, Value: 2024-05-23T06:55:34.000Z DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: all_error_tags, Value: 5vt4a DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: msalruntime_version, Value: 0.16.0 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: api_error_code, Value: 0 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: api_error_tag, Value: 5vt4a DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: api_status_code, Value: StatusInternal::AccountNotFound DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: api_error_context, Value: Account with id '(pii)' not found DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: is_successful, Value: false DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [MSAL:0002] INFO LogTelemetryData:401 Key: request_duration, Value: 0 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z] [RuntimeBroker] Could not find a WAM account for the selected user. Error: Status: AccountNotFound Context: Account with id '(pii)' not found Tag: 0x1f553780 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-05-23 06:55:34Z - f50df797-7d28-44fd-869e-1ebad313567d] Exception type: Microsoft.Identity.Client.MsalUiRequiredException , ErrorCode: wam_no_account_for_id HTTP StatusCode 0 CorrelationId f50df797-7d28-44fd-869e-1ebad313567d To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.ExecuteAsync(CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock) at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken) DEBUG: SharedTokenCacheCredential.GetToken was unable to retrieve an access token. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: Exception: Azure.Identity.CredentialUnavailableException (0x80131500): SharedTokenCacheCredential authentication unavailable. Token acquisition failed for user admin-olav.birkeland@4hdqqm.onmicrosoft.com. Ensure that you have authenticated with a developer tool that supports Azure single sign on. ---> Microsoft.Identity.Client.MsalUiRequiredException (0x80131500): Could not find a WAM account for the selected user. Error: Status: AccountNotFound Context: Account with id '(pii)' not found Tag: 0x1f553780 WARNING: Unable to acquire token for tenant '14dd0860-3db5-4af6-a0df-a9c66d284f45' with error 'Authentication failed against tenant 14dd0860-3db5-4af6-a0df-a9c66d284f45. User interaction is required. This may be due to the conditional access policy settings such as multi-factor authentication (MFA). If you need to access subscriptions in that tenant, please rerun 'Connect-AzAccount' with additional parameter '-TenantId 14dd0860-3db5-4af6-a0df-a9c66d284f45'.' Confirm Continue with this operation? [Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y DEBUG: 08:55:37 - Unable to acquire token for tenant '14dd0860-3db5-4af6-a0df-a9c66d284f45' with error 'Microsoft.Azure.Commands.Common.Exceptions.AzPSAuthenticationFailedException: Authentication failed against tenant 14dd0860-3db5-4af6-a0df-a9c66d284f45. User interaction is required. This may be due to the conditional access policy settings such as multi-factor authentication (MFA). If you need to access subscriptions in that tenant, please rerun 'Connect-AzAccount' with additional parameter '-TenantId 14dd0860-3db5-4af6-a0df-a9c66d284f45'. ---> Azure.Identity.CredentialUnavailableException: SharedTokenCacheCredential authentication unavailable. Token acquisition failed for user admin-olav.birkeland@4hdqqm.onmicrosoft.com. Ensure that you have authenticated with a developer tool that supports Azure single sign on. ---> MSAL.CoreCLR.4.60.3.0.MsalUiRequiredException: ErrorCode: wam_no_account_for_id Microsoft.Identity.Client.MsalUiRequiredException: Could not find a WAM account for the selected user. Error: Status: AccountNotFound Context: Account with id '(pii)' not found Tag: 0x1f553780 at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.ExecuteAsync(CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock) at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken) at Microsoft.Identity.Client.ApiConfig.Executors.ClientApplicationBaseExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenSilentParameters silentParameters, CancellationToken cancellationToken) at Azure.Identity.AbstractAcquireTokenParameterBuilderExtensions.ExecuteAsync[T](AbstractAcquireTokenParameterBuilder`1 builder, Boolean async, CancellationToken cancellationToken) at Azure.Identity.MsalPublicClient.AcquireTokenSilentCoreAsync(String[] scopes, String claims, IAccount account, String tenantId, Boolean enableCae, Boolean async, CancellationToken cancellationToken) at Azure.Identity.MsalPublicClient.AcquireTokenSilentAsync(String[] scopes, String claims, IAccount account, String tenantId, Boolean enableCae, Boolean async, CancellationToken cancellationToken) at Azure.Identity.SharedTokenCacheCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken) StatusCode: 0 ResponseBody: Headers: --- End of inner exception stack trace --- at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable) at Azure.Identity.SharedTokenCacheCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken) at Azure.Identity.SharedTokenCacheCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken) at Microsoft.Azure.PowerShell.Authenticators.MsalAccessToken.GetAccessTokenAsync(String callerClassName, String parametersLog, TokenCredential tokenCredential, TokenRequestContext requestContext, CancellationToken cancellationToken, String tenantId, String userId, String homeAccountId) at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.Authenticate(IAzureAccount account, IAzureEnvironment environment, String tenant, SecureString password, String promptBehavior, Action`1 promptAction, IAzureTokenCache tokenCache, String resourceId) --- End of inner exception stack trace --- at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.Authenticate(IAzureAccount account, IAzureEnvironment environment, String tenant, SecureString password, String promptBehavior, Action`1 promptAction, IAzureTokenCache tokenCache, String resourceId) at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.AcquireAccessToken(IAzureAccount account, IAzureEnvironment environment, String tenantId, SecureString password, String promptBehavior, Action`1 promptAction, String resourceId) at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.Login(IAzureAccount account, IAzureEnvironment environment, String tenantIdOrName, String subscriptionId, String subscriptionName, SecureString password, Boolean skipValidation, IOpenIDConfiguration openIDConfigDoc, Action`1 promptAction, String name, Boolean shouldPopulateContextList, Int32 maxContextPopulation, String authScope, Boolean isInteractiveAuthenticationFlow, Boolean IsInteractiveContextSelectionEnabled)' WARNING: Unable to set default context 'Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureContext'. Confirm Continue with this operation? [Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y DEBUG: 08:55:38 - [ConfigManager] Got nothing from [EnableErrorRecordsPersistence], Module = [], Cmdlet = []. Returning default value [False]. Connect-AzAccount: Run Connect-AzAccount to login. DEBUG: 08:55:38 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: 08:55:38 - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: 08:55:38 - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: AzureQoSEvent: Module: Az.Accounts:3.0.0; CommandName: Connect-AzAccount; PSVersion: 7.4.2; IsSuccess: False; Duration: 00:00:36.7794657; SanitizeDuration: 00:00:00; Exception: Run Connect-AzAccount to login.; DEBUG: 08:55:38 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: 08:55:38 - ConnectAzureRmAccountCommand end processing. PS C:\Users\olav.birkeland> ```