Open NathOsull opened 1 month ago
Hey @NathOsull thanks for reporting. Could you run a Connect-AzAccount
then try again?
Note that if multi-factor authentication (MFA) is required by your tenant, you need to add -TenantId to Connect-AzAccount
Hi @NathOsull, currently you can workaround it in the following ways
If you are in a Windows system, login interactive before you run any other Azure PowerShell cmdlets
Connect-AzAccount
If you have no access to Windows system with UI, you can disable WAM temporarily
Update-AzConfig -EnableLoginByWam $false
We are experiencing the same error with no change on our side to powershell scripts. It suddently stopped working and we are getting similar error when attempting to get token after successful connection with Connect-AzAccount
Connect-AzAccount -Credential $credential -Tenant $tenantId
$azContext = Get-AzContext
Write-Host "Connnected: $($azContext.Account)"
$script:resourceUrl = "https://api.fabric.microsoft.com"
$script:fabricToken = (Get-AzAccessToken -ResourceUrl $script:resourceUrl).Token
It gives error
Get-AzAccessToken: Authentication failed against resource https://api.fabric.microsoft.com. User interaction is required. This may be due to the conditional access policy settings such as multi-factor authentication (MFA). Please rerun 'Connect-AzAccount' with additional parameter '-AuthScope https://api.fabric.microsoft.com'.
We have verified there is no MFA or conditional access policy blocking the credential account. Have also tested with AuthScope but this gives no difference in the error and tenantId is already present in Connect-AzAccount as advised.
When running suggested workaround to disable WAM it works, but this shouldnt be necessary?
Update-AzConfig -EnableLoginByWam $false`
As mentioned this has worked for multiple months and started failing today, it leads us to think there has been a bug released in the Az powershell module? any ideas/referances? it looks similar to this issue reported as well ##24967
I ran this and now it works again
Hi @NathOsull, currently you can workaround it by disable WAM temporarily
Update-AzConfig -EnableLoginByWam $false
Ran this ^^ and all working (thanks by the way) ....what changed within a week?
@NathOsull what is the way to Connect-AzAccount before you run Get-AzAccessToken?
@NathOsull @gudbrand3 The issue is due to the change https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps?view=azps-12.0.0#azaccounts-300
Web Account Manager (WAM) was set the default experience of interactive login. For more details please refer to https://go.microsoft.com/fwlink/?linkid=2272007
If you login with user authentication flow (username password, interactively, device code) before, you have to run Connect-AzAccount interactively login before you run any other Azure PowerShell cmdlets after you move to Az.Accounts 3.0.0. We are working on a fix to the issue.
Re-enable WAM, please run
Update-azconfig -EnableLoginByWam $true
and then restart the PowerShell session
Check whether WAM is enabled
Get-AzConfig -EnableLoginByWam
If you enable WAM, run Connect-AzAccount
interactively, but still have an issue to run subsequent cmdlets, Please let us know. The WAM feature greatly replies on the environments. We, developers may not have the same environment with you so that we cannot find the issues easily.
Once again my work is stifled by the apparent incompetency of Microsoft developers. Cant just let something be that is actually working. Now we have broken processes and I can hold no one accountable. I mention this in many of my other frustration, disenfranchised fueled responses to issues like this. I don't know where you recruit these developers, but you should really consider your source and employ more thorough vetting against potential candidates. Im personally getting real tired of getting half way through developing something just to have it stop working because of poorly socialized, poorly tested and poorly implemented code changes that seem to be almost completely unnecessary. What happened to those developers that would test 100x before implementing and release a solid, working solution? I feel many of the younger generation lack the work ethics, skills and drive to provide the quality work required in the development realm.
This is beyond infuriating. And no, I dont read any responses to these posts (or rarely) because Im not a narcissist.
Description
When trying to get access tokens I can no longer use the create token.
Issue script & Debug output
Environment data
Module versions
Error output