Open microsoftprince opened 2 months ago
Hi Team,
Please help me to resolve this issue
@microsoftprince Could you upgrade to Az.Accounts 3.0.2 and run `Connect-AzAccount` again to see whether the issue still remains?
### Step 1: I have installed Az.Accounts 3.0.2 using the following command

```powershell
Install-Module -Name Az.Accounts -RequiredVersion 3.0.2 -AllowClobber
```

### Step 2: `Connect-AzAccount -UseDeviceAuthentication` - Working properly
### Step 3: `Connect-AzAccount -UseDeviceAuthentication -AuthScope AzureKeyVaultServiceEndpointResourceId`

This command is not working; see the log as follows:

```
DEBUG: 11:04:09 AM - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 11:04:09 AM - ConnectAzureRmAccountCommand begin processing with ParameterSet 'UserWithSubscriptionId'.
DEBUG: 11:04:09 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 11:04:09 AM - [ConfigManager] Updated [EnableLoginByWam] to [False]. Scope = [CurrentUser], AppliesTo = []
DEBUG: 11:04:09 AM - [ConfigManager] Got nothing from [DefaultSubscriptionForLogin], Module = [], Cmdlet = []. Returning default value [].
DEBUG: 11:04:09 AM - Autosave setting from startup session: 'CurrentUser'
DEBUG: 11:04:09 AM - No autosave setting detected in environment variable 'AzContextAutoSave'.
DEBUG: 11:04:09 AM - Using Autosave scope 'CurrentUser'
WARNING: You may need to login again after updating "EnableLoginByWam".
DEBUG: 11:04:09 AM - [DeviceCodeAuthenticator] Calling DeviceCodeCredential.AuthenticateAsync - TenantId:'', Scopes:'https://vault.azure.net/.default', AuthorityHost:'https://login.microsoftonline.com/'
DEBUG: DeviceCodeCredential.Authenticate invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId:
Please select the account you want to login with.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET Framework 4.8.9256.0 Microsoft Windows 10.0.22631 [2024-07-22 18:04:09Z - 56910ba5-5ef7-4f4c-8fb2-eb6f7efa168a] MSAL MSAL.CoreCLR with assembly version '4.61.3.0'. CorrelationId(56910ba5-5ef7-4f4c-8fb2-eb6f7efa168a)
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET Framework 4.8.9256.0 Microsoft Windows 10.0.22631 [2024-07-22 18:04:09Z - 56910ba5-5ef7-4f4c-8fb2-eb6f7efa168a] === Request Data === Authority Provided? - True Scopes - https://vault.azure.net/.default Extra Query Params Keys (space separated) - ApiId - AcquireTokenByDeviceCode IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - False HomeAccountId - False CorrelationId - 56910ba5-5ef7-4f4c-8fb2-eb6f7efa168a UserAssertion set: False LongRunningOboCacheKey set: False Region configured:
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET Framework 4.8.9256.0 Microsoft Windows 10.0.22631 [2024-07-22 18:04:09Z - 56910ba5-5ef7-4f4c-8fb2-eb6f7efa168a] === Token Acquisition (DeviceCodeRequest) started: Scopes: https://vault.azure.net/.default Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET Framework 4.8.9256.0 Microsoft Windows 10.0.22631 [2024-07-22 18:04:09Z - 56910ba5-5ef7-4f4c-8fb2-eb6f7efa168a] [Instance Discovery] Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET Framework 4.8.9256.0 Microsoft Windows 10.0.22631 [2024-07-22 18:04:09Z - 56910ba5-5ef7-4f4c-8fb2-eb6f7efa168a] [Region discovery] Not using a regional authority.
DEBUG: Request [9f6290d1-1be0-4219-8af7-bec96f00e4ab] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-app-name:REDACTED x-app-ver:REDACTED Content-Type:application/x-www-form-urlencoded x-ms-client-request-id:9f6290d1-1be0-4219-8af7-bec96f00e4ab x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.12.0 (.NET Framework 4.8.9256.0; Microsoft Windows 10.0.22631 ) client assembly: Azure.Identity
DEBUG: Response [9f6290d1-1be0-4219-8af7-bec96f00e4ab] 200 OK (00.6s) Pragma:no-cache Strict-Transport-Security:REDACTED X-Content-Type-Options:REDACTED client-request-id:REDACTED x-ms-request-id:82d46f6d-4145-496c-a722-dd44b85b6400 x-ms-ests-server:REDACTED x-ms-clitelem:REDACTED x-ms-srs:REDACTED X-XSS-Protection:REDACTED Cache-Control:no-store, no-cache P3P:REDACTED Set-Cookie:REDACTED Date:Mon, 22 Jul 2024 18:04:10 GMT Content-Length:473 Content-Type:application/json; charset=utf-8 Expires:-1
DEBUG: Request [1b0a3076-faa6-4cb7-bc92-e88d8a45fef3] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/token x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED x-client-current-telemetry:REDACTED x-client-last-telemetry:REDACTED x-ms-lib-capability:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-app-name:REDACTED x-app-ver:REDACTED Content-Type:application/x-www-form-urlencoded x-ms-client-request-id:1b0a3076-faa6-4cb7-bc92-e88d8a45fef3 x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.12.0 (.NET Framework 4.8.9256.0; Microsoft Windows 10.0.22631 ) client assembly: Azure.Identity
[Login to Azure] To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code EQW9AMZ2D to authenticate.
```
### Step 4: Entered the code EQW9AMZ2D in browser
### Step 5: Result in browser
### Step 6: Result in Powershell command
@microsoftprince I have encountered a similar issue before. It may relate to the machine you are using (I switched to another machine with full permission and the issue was resolved). We are going to investigate more to see what the problem is.
I see you also created an issue for MSAL: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4847. I believe they are related.
@msJinLei I have checked other machines also and am facing the same issue. When I execute `Connect-AzAccount -UseDeviceAuthentication` there is no issue. The only problem is when executing the command below:

```powershell
Connect-AzAccount -UseDeviceAuthentication -AuthScope AzureKeyVaultServiceEndpointResourceId
```
Hi @msJinLei Please help me
Description
Unable to acquire token for tenant '****' with error 'Authentication failed against tenant *****. User interaction is required. This may be due to the conditional access policy settings such as multi-factor authentication (MFA). If you need to access subscriptions in that tenant, please rerun 'Connect-AzAccount' with additional parameter '-TenantId *-*****'.'