Windows Azure AD authentication support for PowerShell

Last week Microsoft announced several fantastic updates to Windows Azure.

One of the updates I’m really excited about is the new Windows Azure Active Directory authentication support in PowerShell.  Previously to allow the Windows Azure PowerShell cmdlets to authenticate with Windows Azure, you’re only choice was via a management certificate.  There were two options to get that certificate:

  1. Download a .publishsettings file and import the file (Get-AzurePublishSettingsFile and Import-AzurePublishSettingsFile)
  2. Create a cert yourself and configure it in PowerShell (see my previous post)

While not a bad way to go, they came with the overhead of deal with management certs.

Configuring Windows Azure Active Directory authentication in PowerShell

1) Get-AzureAccount – To start with, let’s run the Get-AzureAccount cmdlet to see what accounts are already configured.  Since this is my first time, there shouldn’t be any listed.


2) Add-AzureAccount – this will open a browser dialog prompting me to authenticate with the Microsoft Account (formerly Live ID) that I want to use for managing my Windows Azure subscriptions.  For me, this one Microsoft Account is a co-admin on multiple subscriptions, and just happens to be a user in multiple Windows Azure AD tenants.



3)  That’s pretty much it.  If I try to list all my subscriptions, I’ll can easily do that with Get-AzureSubscription.  Notice how there is a “ActiveDirectoryUserId” field.



What did this actually do?

If I browse to my user profile directory (C:\Users\<username>\AppData\Roaming\Windows Azure Powershell), I can view the WindowsAzureProfile.xml file.  This is the file that was updated as a result of the Add-AzureAccount cmdlet.  It is basically what gets dumped when executing the Get-AzureSubscription cmdlet.

As noted here, the Windows Azure AD credentials available to PowerShell are good only for 12 hours.

See the most recent Windows Azure PowerShell change log at

3 thoughts on “Windows Azure AD authentication support for PowerShell

  1. Do you happen to know where I can register my own application for authenticating in the same way as the powershell tools. In my application I took the client ID and redirect URI from the powershell tools and was able to authenticate and manage my azure subscription. But I assume its not intended that my application should use the same client id, but cant find any information about where I can register my app. (I am creating a bootstrapping app for deploying a webrole to our users, so user log in from my app to azure and deploy our webrole).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.