Difference Between Add-AzureAccount and Login-AzureRMAccount

 PROBLEM: You need to connect to your Microsoft Azure subscription from a PowerShell session, but whether to use the Add-AzureAccount or Login-AzureRMAccount cmdlets leaves you confused and frustrated.

SOLUTION: If you need to use the legacy Azure Service Management (ASM) deployment model, use the Add-AzureAccount cmdlet. If you need to use the current Azure Resource Manager (ARM) deployment model,  use the Login-AzureRMAccount cmdlet.

Login-AzureRMAccount

Use Azure V1, otherwise known as Azure Service Management or ASM, only if you have a compelling reason to do so (for example, supporting older Azure deployments).

Azure Resource Manager (ARM) is Microsoft’s rearchitecture of their Azure public cloud. ARM sports its own HTML5 web portal, a JSON-based REST API, template-based deployment, role-based access control (RBAC), and a large collection of additional features.

Use ARM for new Azure deployments. To give you a visual cue, I show you the Azure ARM portal in Figure 1. The ARM Uniform Resource Locator (URL) to remember is portal.azure.com.

arm-portal
Figure 1. Azure Resource Manager web administration portal.

Install the AzureRM PowerShell modules on your administrative workstation before you authenticate to Azure with Login-AzureRMAccount. Do this from an elevated PowerShell session (I assume you’re running PowerShell 5 here):



Install-Module -Name AzureRM -Verbose -Force

[/code]

Next, run the Login-AzureRMAccount cmdlet; you'll see an interactive authentication dialog box as shown in Figure 2.

arm-login
Figure 2. Azure interactive authentication.

If you supply a Microsoft Account credential and not an Azure Active Directory (AD) credential, then Azure will redirect you to a Microsoft Account sign-in page, as shown in Figure 3.

fed-login
Figure 3. Federated login from Microsoft Account.

NOTE: The ARM cmdlets Login-AzureRMAccount and Add-AzureRMAccount are synonymous thanks to PowerShell's command alias system. You can use either cmdlet, but I always use Login-AzureRMAccount by force of habit.


If you want to authenticate with an Azure AD account (also called a work, school, or organizational account), you can try:



$cred = Get-Credential

Login-AzureRMAccount -Credential $cred

[/code]

I'll cover how to automate Azure authentication (useful for scripting scenarios) in a future blog post.

Add-AzureAccount

If you have legacy Azure assets that are dependent on ASM, then you're forced to use the Add-AzureAccount cmdlet to connect to your Azure subscription. Remember that the ASM and ARM APIs share limited common ground; for all intents and purposes, they are incompatible.

Figure 4 shows you the Azure v1 ASM portal at manage.windowsazure.com.

asm-portal
Figure 4. Azure Service Management portal.

Running Add-AzureAccount with no further parameters gives you the same interactive workflow as we saw earlier with Login-AzureRMAccount. ASM supports a couple other options for more convenient authentication, but we'll cover those in a future blog post.

If you're interested in publish settings files and other Azure legacy detritus, then check out the links at this post's conclusion.

What Next?

Once you've connected to your ARM subscription, make sure you've selected the proper subscription (if you have access to multiple subs, that is). It's convenient to specify a default storage account for the current session.

Run Get-AzureRMSubscription to get the subscription names and/or IDs:



Get-AzureRmSubscription

SubscriptionName : sub1
SubscriptionId : 3d935138-40b5-408c-98e9
TenantId : 133f6972-44a7-4037-8eea
State : Enabled

SubscriptionName : sub2
SubscriptionId : 7be05db5-0dea-4ffe-b309
TenantId : 133f6972-44a7-4037-8eea
State : Enabled

[/code]

We can now set our chosen subscription as our session default like so:



Get-AzureRMSubscription -SubscriptionName 'sub2' | Set-AzureRMContext

[/code]

Finally, we'll set our session default Azure storage account (use Get-AzureRMResourceGroup and Get-AzureRMStorageAccount to retrieve resource group and storage account names, respectively):



Set-AzureRMCurrentStorageAccount -ResourceGroupName 'rg-sub2' -StorageAccountName 'sa-sub2'
[/code]

For Further Learning

Rather than bury important documentation and tutorial links within the body of my blog posts, I prefer to aggregate them at the end. Here ya go--happy studying!

6 comments

  1. Hey Tim,

    Thanks for putting this wonderful article together. It would be great if you could please clarify this a bit. When I run “help Login-AzureRMAccount” it displays the details for “Add-AzureRMAccount” cmdlet. Are both these cmdlets the same and can they be used interchangeably?

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s