Azure Basics: Connecting with Azure (PowerShell)
In this article, I will explain how to set up a connection with Azure. Moreover, I aim to clarify and give helpful advice on how to connect with Azure Subscription via PowerShell.
To begin with, it is important that you distinguish what you want to connect with: Is it Azure Subscription or Azure Active Directory?
Index
Azure Subscription vs. Azure Active Directory
First, some basics on the terminology:
- Azure Active Directory (AAD) is the identity provider for Azure Subscription and also Azure Cloud apps.
- Azure Subscription (Tenant) has a trust relationship with Azure AD through which it connects with the directory.
So you should decide on one of the following options:
- Do you want to create a connection with Azure Subscription?
This is neccessary for setting up new virtual servers, for instance. - Or: Do you want to create a connection with Azure Active Directory?
The Azure Subscription connects with AAD, for example to authenticate users.
In summary then, these are the two different ways to administer with PowerShell.
Connecting with Azure Subscription (Tenant)
The basic requirement for connecting with Azure Subscription is the implementation of all necessary PowerShell modules.
Furthermore, you need to install Microsoft Azure PowerShell via WebPI Installer: LINK
It requires the installation of two basic components from the WebPI Installer:
- Microsoft Azure PowerShell
- Microsoft Azure Cross-platform Command Line Tools
Afterwards you can load the Azure cmdlets with the command Import-Module Azure:
|
1 |
Import-Module Azure |
The next step is to download AzurePublishSettingsFile to enable a connection with the Tenant. The cmdlet Get–AzurePublishSettingsFile automatically starts a web browser. Simply start the download after you have registered for the Azure Subscription.
|
1 |
Get-AzurePublishSettingsFile |
Now, load the SettingsFile with cmdlet Import-AzurePublishSettingsFile:
|
1 |
Import-AzurePublishSettingsFile |
In this way you created a connection with the Azure Service Management.
Additionally, you need another registration to work with Azure Resource Manager (Azure RM).
Registering with Azure Resource Manager
To be able to use Azure RM you need to login with a username and password. For this purpose you apply the cmdlet Login-AzureRMAccount.
|
1 2 |
$cred = Get-Credential Login-AzureRmAccount -Credential $cred |
The cmdlet Get-Credential asks for a username and password. It is important that you specify beforehand your user account of the Azure Subscription. Next, Login-AzureRMAccount selects the correct Tenant according to the e-mail address.
Make sure not to enter the Microsoft Live-ID you used for creating the subscription. This will result in the following error:
Login-AzureRmAccount : -Credential parameter can only be used with Organization ID credentials.
To avoid the error just use another “not Live-ID” address. It will work with any address of the type <username>@<e-mail-suffix> .onmicrosoft.com.
It is worth mentioning that you won’t be able to manage user accounts of your Azure AD in this context. In other words, you can change the settings of virtual machines or provision new SQL databases. However, in order to manage Azure AD you will need different cmdlets.
Connecting with Azure Active Directory
For registering with AAD you have to install two additional components:
- Microsoft Online Services Sign-In Assistant
- Windows Azure Active Directory-module for Windows PowerShell
After finishing the installations you can load the cmdlets with the following module:
|
1 |
Import-Module MSonline |
Registering with Azure AD follows almost the same pattern as with Azure RM.
- Login-AzureRmAccount: Azure Resource Manager
- Connect-MsolService: Azure Active Directory
|
1 2 |
$cred = get-credential connect-msolservice -credential $cred |
Please be aware that the same restrictions are valid as with AzureRM. You can not use your Windows Live-ID for registration. It is worth mentioning that the error report is different and the message therefore more difficult to understand:
Connect-MsolService: Exception of type ‚Microsoft.Online.Administration.Automation.MicrosoftOnlineException‘ was thrown.
As described above, once you use a “non-Live-ID account” the login works without any problems. On top of that there will be some “Msol” cmdlets available to manage Azure AD.
With the help of cmdlet Get-MsolUser you can display all user accounts of the Azure Active Directory:
|
1 |
Get-MsolUser |
In summary
The administration of Azure Subscription differs from managing and connecting with Azure Active Directory.
Azure Subscription:
- Microsoft Azure PowerShell (via WebPI)
- AzurePublishSettingsFile
- Get-Azure* cmdlets
Azure Active Directory:
- Microsoft Online Services Sign-In Assistant
- Microsoft Azure Active Directory Module
- Get-Msol* cmdlets
We are happy to provide you with helpful advice relating to Azure. Save time and let us make complicated alternatives easier to understand. Please get in touch!
FirstAttribute AG – Microsoft Consulting Partner for
Migration and Active Directory
Leave a Reply
<p>Your email is safe with us.<br/>Information about our <a href="https://activedirectoryfaq.com/contact-us/">data protection policies</a></p>