PROBLEM: You need to connect to your Microsoft Azure subscription from a PowerShell session, but whether to use the Add-AzureAccount or Login-AzureRMAccount cmdlets leaves you confused and frustrated.
SOLUTION: If you need to use the legacy Azure Service Management (ASM) deployment model, use the Add-AzureAccount cmdlet. If you need to use the current Azure Resource Manager (ARM) deployment model, use the Login-AzureRMAccount cmdlet.
Use Azure V1, otherwise known as Azure Service Management or ASM, only if you have a compelling reason to do so (for example, supporting older Azure deployments).
Azure Resource Manager (ARM) is Microsoft’s rearchitecture of their Azure public cloud. ARM sports its own HTML5 web portal, a JSON-based REST API, template-based deployment, role-based access control (RBAC), and a large collection of additional features.
Use ARM for new Azure deployments. To give you a visual cue, I show you the Azure ARM portal in Figure 1. The ARM Uniform Resource Locator (URL) to remember is portal.azure.com.
Install the AzureRM PowerShell modules on your administrative workstation before you authenticate to Azure with Login-AzureRMAccount. Do this from an elevated PowerShell session (I assume you’re running PowerShell 5 here):
Install-Module -Name AzureRM -Verbose -Force [/code]
Next, run the Login-AzureRMAccount cmdlet; you'll see an interactive authentication dialog box as shown in Figure 2.
If you supply a Microsoft Account credential and not an Azure Active Directory (AD) credential, then Azure will redirect you to a Microsoft Account sign-in page, as shown in Figure 3.
NOTE: The ARM cmdlets Login-AzureRMAccount and Add-AzureRMAccount are synonymous thanks to PowerShell's command alias system. You can use either cmdlet, but I always use Login-AzureRMAccount by force of habit.
If you want to authenticate with an Azure AD account (also called a work, school, or organizational account), you can try:
$cred = Get-Credential Login-AzureRMAccount -Credential $cred [/code]
I'll cover how to automate Azure authentication (useful for scripting scenarios) in a future blog post.
If you have legacy Azure assets that are dependent on ASM, then you're forced to use the Add-AzureAccount cmdlet to connect to your Azure subscription. Remember that the ASM and ARM APIs share limited common ground; for all intents and purposes, they are incompatible.
Figure 4 shows you the Azure v1 ASM portal at manage.windowsazure.com.
Running Add-AzureAccount with no further parameters gives you the same interactive workflow as we saw earlier with Login-AzureRMAccount. ASM supports a couple other options for more convenient authentication, but we'll cover those in a future blog post.
If you're interested in publish settings files and other Azure legacy detritus, then check out the links at this post's conclusion.
Once you've connected to your ARM subscription, make sure you've selected the proper subscription (if you have access to multiple subs, that is). It's convenient to specify a default storage account for the current session.
Run Get-AzureRMSubscription to get the subscription names and/or IDs:
Get-AzureRmSubscription SubscriptionName : sub1 SubscriptionId : 3d935138-40b5-408c-98e9 TenantId : 133f6972-44a7-4037-8eea State : Enabled SubscriptionName : sub2 SubscriptionId : 7be05db5-0dea-4ffe-b309 TenantId : 133f6972-44a7-4037-8eea State : Enabled [/code]
We can now set our chosen subscription as our session default like so:
Get-AzureRMSubscription -SubscriptionName 'sub2' | Set-AzureRMContext [/code]
Finally, we'll set our session default Azure storage account (use Get-AzureRMResourceGroup and Get-AzureRMStorageAccount to retrieve resource group and storage account names, respectively):
Set-AzureRMCurrentStorageAccount -ResourceGroupName 'rg-sub2' -StorageAccountName 'sa-sub2' [/code]
For Further Learning
Rather than bury important documentation and tutorial links within the body of my blog posts, I prefer to aggregate them at the end. Here ya go--happy studying!