Sign in with Azure CLI
The Azure CLI supports several authentication methods. Restrict sign-in permissions for your use case to keep your Azure resources secure.
There are five authentication options when working with the Azure CLI:
|Azure Cloud Shell||Azure Cloud Shell automatically logs you in, so this is the easiest way to get started.|
|Sign in interactively||This is a good option when learning Azure CLI commands and running the Azure CLI locally. Log in through your browser with the az login command.|
|Sign in using a service principal||When you write scripts, using a service principal is the recommended approach. You grant just the appropriate permissions needed to a service principal keeping your automation secure.|
|Sign in with a managed identity||A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communication between services. Using a managed identity eliminates the need for you to manage these credentials.|
|Sign in using Web Account Manager (WAM)||WAM is a Windows 10+ component that acts as an authentication broker. WAM provides enhanced security and enhancements are shipped with Windows.|
Find or change your current subscription
After you sign in, CLI commands are run against your default subscription. If you have multiple subscriptions, you can change your default subscription using
az account set --subscription. To learn more about managing Azure subscriptions, see How to manage Azure subscriptions with the Azure CLI.
When you sign in with a user account, Azure CLI generates and stores an authentication refresh token. Because access tokens are valid for only a short period of time, a refresh token is issued at the same time the access token is issued. The client application can then exchange this refresh token for a new access token when needed. For more information on token lifetime and expiration, see Refresh tokens in the Microsoft identity platform.
Depending on your sign in method, your tenant may have Conditional Access policies that restrict your access to certain resources.