Connect to Azure Stack Hub with PowerShell as a user
You can connect to Azure Stack Hub with PowerShell to manage Azure Stack Hub resources. For example, you can use PowerShell to subscribe to offers, create virtual machines (VMs), and deploy Azure Resource Manager templates.
To get set up:
- Make sure you have the requirements.
- Connect with Microsoft Entra ID or Active Directory Federation Services (AD FS).
- Register resource providers.
- Test your connectivity.
Prerequisites to connecting with PowerShell
Configure these prerequisites from the development kit, or from a Windows-based external client if you're connected through VPN:
- Install Azure Stack Hub-compatible Azure PowerShell modules.
- Download the tools required to work with Azure Stack Hub.
Make sure you replace the following script variables with values from your Azure Stack Hub configuration:
- Microsoft Entra tenant name
The name of your Microsoft Entra tenant used to manage Azure Stack Hub. For example, yourdirectory.onmicrosoft.com.
- Azure Resource Manager endpoint
For Azure Stack Development kit, this value is set to https://management.local.azurestack.external. To get this value for Azure Stack Hub integrated systems, contact your service provider.
Connect to Azure Stack Hub with Microsoft Entra ID
# Register an Azure Resource Manager environment that targets your Azure Stack Hub instance
Add-AzEnvironment -Name "AzureStackUser" -ArmEndpoint "https://management.local.azurestack.external"
# Set your tenant name
$AuthEndpoint = (Get-AzEnvironment -Name "AzureStackUser").ActiveDirectoryAuthority.TrimEnd('/')
$AADTenantName = "<myDirectoryTenantName>.onmicrosoft.com"
# Look up the tenant ID (the last path segment of the issuer) from the tenant's OpenID configuration
$TenantId = (Invoke-RestMethod "$($AuthEndpoint)/$($AADTenantName)/.well-known/openid-configuration").issuer.TrimEnd('/').Split('/')[-1]
# After signing in to your environment, Azure Stack Hub cmdlets
# can be easily targeted at your Azure Stack Hub instance.
Connect-AzAccount -EnvironmentName "AzureStackUser" -TenantId $TenantId
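An added example (not from the original article) that hardens the tenant lookup above: it refuses a non-HTTPS authority, rejects an unreplaced or malformed tenant name, and confirms the issuer ends in a GUID before signing in. The function name Resolve-StackTenantId and the sample tenant name are assumptions.

```powershell
# Added example; Resolve-StackTenantId is a hypothetical helper, not an Az cmdlet.
function Resolve-StackTenantId {
    param(
        [Parameter(Mandatory)] [string] $AuthEndpoint,  # ActiveDirectoryAuthority of the environment
        [Parameter(Mandatory)] [string] $TenantName     # e.g. yourdirectory.onmicrosoft.com
    )

    # Refuse to fetch discovery metadata over anything but HTTPS.
    $base = $AuthEndpoint.TrimEnd('/')
    if (([uri]$base).Scheme -ne 'https') {
        throw "Authority '$AuthEndpoint' is not an HTTPS URL."
    }

    # The tenant name is placed into a URL path, so accept DNS-style names only.
    # This also catches a placeholder such as <myDirectoryTenantName> left unreplaced.
    if ($TenantName -notmatch '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$') {
        throw "Tenant name '$TenantName' contains unexpected characters."
    }

    $config = Invoke-RestMethod -Uri "$base/$TenantName/.well-known/openid-configuration" -ErrorAction Stop

    # The tenant ID is the last path segment of the issuer; require it to be a GUID.
    $issuer = [string]$config.issuer
    if ([string]::IsNullOrWhiteSpace($issuer)) {
        throw "Discovery document has no issuer."
    }
    $candidate = $issuer.TrimEnd('/').Split('/')[-1]
    $tenantId = [guid]::Empty
    if (-not [guid]::TryParse($candidate, [ref]$tenantId)) {
        throw "Issuer '$issuer' does not end in a tenant GUID."
    }
    return $tenantId.ToString()
}

$envName = "AzureStackUser"
$azEnv = Get-AzEnvironment -Name $envName
if (-not $azEnv) {
    throw "Environment '$envName' is not registered; run Add-AzEnvironment first."
}
# Sample tenant name (assumption); replace with your own directory.
$TenantId = Resolve-StackTenantId -AuthEndpoint $azEnv.ActiveDirectoryAuthority -TenantName "yourdirectory.onmicrosoft.com"
Connect-AzAccount -EnvironmentName $envName -TenantId $TenantId
```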
Connect to Azure Stack Hub with AD FS
# Register an Azure Resource Manager environment that targets your Azure Stack Hub instance
Add-AzEnvironment -Name "AzureStackUser" -ArmEndpoint "https://management.local.azurestack.external"
# Sign in to your environment
Connect-AzAccount -EnvironmentName "AzureStackUser"
Register resource providers
Resource providers aren't automatically registered for new user subscriptions that don't have any resources deployed through the portal. You can explicitly register a resource provider by running the following script:
foreach ($s in (Get-AzSubscription)) {
    Select-AzSubscription -SubscriptionId $s.SubscriptionId | Out-Null
    Write-Progress $($s.SubscriptionId + " : " + $s.SubscriptionName)
    Get-AzResourceProvider -ListAvailable | Register-AzResourceProvider
}
Note
AD FS only supports interactive authentication with user identities. If a credential object is required, you must use a service principal (SPN). For more information on setting up a service principal with Azure Stack Hub and AD FS as your identity management service, see Manage an AD FS app identity.
Test the connectivity
When you've got everything set up, test connectivity by using PowerShell to create resources in Azure Stack Hub. As a test, create a resource group for an application and add a VM. Run the following command to create a resource group named "MyResourceGroup":
New-AzResourceGroup -Name "MyResourceGroup" -Location "Local"
Next steps
- Develop templates for Azure Stack Hub
- Deploy templates with PowerShell
- Azure Stack Hub PowerShell Module Reference
- If you want to set up PowerShell for the cloud operator environment, refer to the Configure the Azure Stack Hub operator's PowerShell environment article.