The Known Issues of Az.Accounts 3.0.0 and Their Workarounds

[msJinLei]

1. The interactive login method cannot popup window for WAM

Report an error "User canceled authentication" Refer to https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/707

• Workaround

  Update-AzConfig -EnableLoginByWam $false

[!NOTE] Fixed in https://www.nuget.org/packages/Microsoft.Identity.Client.NativeInterop/0.16.2 which Az.Accounts will integrate in the upcoming release.

2. Azure PowerShell cmdlets are unable to run after login with Username+Password or DeviceCode

• Username+Password or DeviceCode login methods will fail without -Tenant parameter

Workaround

1. Login interactively with the same account on the same machine
2. If 1 is not applicable, disable WAM

   Update-AzConfig -EnableLoginByWam $false

   [!NOTE] MSAL team is intensely working on the issue and is about to release the fix recently.

   Root cause

   The root cause was found to be an issue with the cache of MSAL. See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4786

3. WAM pop-up window to select an account is not easy to find

• Workaround: minimize other windows to look for the pop-up window carefully

4. WAM pop-up window doesn't display "Work and school account" option

• Workaround

  Update-AzConfig -EnableLoginByWam $false

  [!NOTE] MSAL team is working on the issue see https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4797

  5. The interactive login method cannot popup window for WAM in Window PowerShell ISE Console

• Workaround

  Update-AzConfig -EnableLoginByWam $false

  [!NOTE] Reported to MSAL team, see https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4796

[slavizh]

What about https://github.com/Azure/azure-powershell/issues/25003?

[weyCC81]

In ISE, on Windows 11 mine says the following, does this correlate?

# 12.0.0    Az
# 3.0.0     Az.Accounts
# 6.0.0     Az.KeyVault
Connect-AzAccount -Tenantid [TenantID] -Subscription [Subscription]
# > Connect-AzAccount : InteractiveBrowserCredential authentication failed: A window handle must be configured. See https://aka.ms/msal-net-wam#parent-window-handles 
# > Could not find tenant id for provided tenant domain '[TenantID]'. Please ensure that the provided user is found in the provided tenant domain.

[msJinLei]

What about #25003?

Thanks for reporting the issue. I reply in it.

[msJinLei]

In ISE, on Windows 11 mine says the following, does this correlate?

# 12.0.0    Az
# 3.0.0     Az.Accounts
# 6.0.0     Az.KeyVault
Connect-AzAccount -Tenantid [TenantID] -Subscription [Subscription]
# > Connect-AzAccount : InteractiveBrowserCredential authentication failed: A window handle must be configured. See https://aka.ms/msal-net-wam#parent-window-handles 
# > Could not find tenant id for provided tenant domain '[TenantID]'. Please ensure that the provided user is found in the provided tenant domain.

@weyCC81 Thanks for reporting the issue. I shall say yes

Please disable WAM to workaround it firstly

Update-AzConfig -EnableLoginByWam $false

[msJinLei]

In ISE, on Windows 11 mine says the following, does this correlate?

# 12.0.0    Az
# 3.0.0     Az.Accounts
# 6.0.0     Az.KeyVault
Connect-AzAccount -Tenantid [TenantID] -Subscription [Subscription]
# > Connect-AzAccount : InteractiveBrowserCredential authentication failed: A window handle must be configured. See https://aka.ms/msal-net-wam#parent-window-handles 
# > Could not find tenant id for provided tenant domain '[TenantID]'. Please ensure that the provided user is found in the provided tenant domain.

@weyCC81 Yes, we have reported your issue to MSAL https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4796

[spongemike2]

I get the same issue whenever I run from an elevated console window. Running the:

Update-AzConfig -EnableLoginByWam $false

...command fixes it.