Connect-Entra

Module:: Microsoft.Entra Module v1.1

Connect to Microsoft Entra ID with an authenticated account.

Syntax

UserParameterSet (Default)

Connect-Entra
[[-Scopes]
    [[-Scopes] <String[]>]
    [[-ClientId] <String>]
    [-TenantId <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-UseDeviceCode]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

AppCertificateParameterSet

Connect-Entra
[-ClientId]
    [-ClientId] <String>
    [[-CertificateSubjectName] <String>]
    [[-CertificateThumbprint] <String>]
    [-SendCertificateChain <Boolean>]
    [-Certificate <X509Certificate2>]
    [-TenantId <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

IdentityParameterSet

Connect-Entra
[[-ClientId]
    [[-ClientId] <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-Identity]
    [-NoWelcome]
    [<CommonParameters>]

AppSecretCredentialParameterSet

Connect-Entra
[-ClientSecretCredential
    [-ClientSecretCredential <PSCredential>]
    [-TenantId <String>]
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

AccessTokenParameterSet

Connect-Entra
[-AccessToken]
    [-AccessToken] <SecureString>
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-NoWelcome]
    [<CommonParameters>]

EnvironmentVariableParameterSet

Connect-Entra
[-ContextScope
    [-ContextScope <ContextScope>]
    [-Environment <String>]
    [-ClientTimeout <Double>]
    [-EnvironmentVariable]
    [-NoWelcome]
    [<CommonParameters>]

Description

The Connect-Entra cmdlet connects to Microsoft Entra ID with an authenticated account.

Several authentication scenarios are supported based on your use case, such as delegated (interactive) and app-only (non-interactive).

Connect-Entra is an alias for Connect-MgGraph.

Parameters

-AccessToken

Specifies a bearer token for Microsoft Entra service. Access tokens do time out and you have to handle their refresh.

Parameter properties

Type:	SecureString
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

AccessTokenParameterSet

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Certificate

An X.509 certificate supplied during invocation.

Parameter properties

Type:	X509Certificate2
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

AppCertificateParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-CertificateSubjectName

The subject distinguished name of a certificate. The certificate is retrieved from the current user's certificate store.

Parameter properties

Type:	System.String
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	CertificateSubject, CertificateName

Parameter sets

AppCertificateParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-CertificateThumbprint

Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action.

Parameter properties

Type:	System.String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

AppCertificateParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ClientId

Specifies the application ID of the service principal.

Parameter properties

Type:	System.String
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	AppId, ApplicationId

Parameter sets

UserParameterSet

Position:	1
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

IdentityParameterSet

Position:	1
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

AppCertificateParameterSet

Position:	1
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ClientSecretCredential

The PSCredential object provides the application ID and client secret for service principal credentials. For more information about the PSCredential object, type Get-Help Get-Credential.

Parameter properties

Type:	PSCredential
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	SecretCredential, Credential

Parameter sets

AppSecretCredentialParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ClientTimeout

Sets the HTTP client timeout in seconds.

Parameter properties

Type:	System.Double
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ContextScope

Determines the scope of authentication context. This ContextScope accepts Process for the current process, or CurrentUser for all sessions started by user.

Parameter properties

Type:	ContextScope
Default value:	None
Accepted values:	Process, CurrentUser
Supports wildcards:	False
DontShow:	False

Parameter sets

UserParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

AppCertificateParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

IdentityParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

AppSecretCredentialParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

EnvironmentVariableParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Environment

The name of the national cloud environment to connect to. By default global cloud is used.

Parameter properties

Type:	System.String
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	EnvironmentName, NationalCloud

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-EnvironmentVariable

Allows for authentication using environment variables configured on the host machine. See https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#environment-variables

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

EnvironmentVariableParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Identity

Sign-in using a managed identity

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	ManagedIdentity, ManagedServiceIdentity, MSI

Parameter sets

IdentityParameterSet

Position:	1
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-NoWelcome

Hides the welcome message.

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Scopes

An array of delegated permissions to consent to.

Parameter properties

Type:	System.String[]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UserParameterSet

Position:	1
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-SendCertificateChain

Include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication using given certificate.

Parameter properties

Type:	Boolean
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

AppCertificateParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-TenantId

Specifies the ID of a tenant.

If you don't specify this parameter, the account is authenticated with the home tenant.

You must specify the TenantId parameter to authenticate as a service principal or when using Microsoft account.

Parameter properties

Type:	System.String
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	Audience, Tenant

Parameter sets

UserParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

AppCertificateParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

AppSecretCredentialParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-UseDeviceCode

Use device code authentication instead of a browser control.

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	UseDeviceAuthentication, DeviceCode, DeviceAuth, Device

Parameter sets

UserParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Disconnect-Entra

Share via

Connect-Entra

Syntax

UserParameterSet (Default)

AppCertificateParameterSet

IdentityParameterSet

AppSecretCredentialParameterSet

AccessTokenParameterSet

EnvironmentVariableParameterSet

Description

Parameters

-AccessToken

Parameter properties

Parameter sets

-Certificate

Parameter properties

Parameter sets

-CertificateSubjectName

Parameter properties

Parameter sets

-CertificateThumbprint

Parameter properties

Parameter sets

-ClientId

Parameter properties

Parameter sets

-ClientSecretCredential

Parameter properties

Parameter sets

-ClientTimeout

Parameter properties

Parameter sets

-ContextScope

Parameter properties

Parameter sets

-Environment

Parameter properties

Parameter sets

-EnvironmentVariable

Parameter properties

Parameter sets

-Identity

Parameter properties

Parameter sets

-NoWelcome

Parameter properties

Parameter sets

-Scopes

Parameter properties

Parameter sets

-SendCertificateChain

Parameter properties

Parameter sets

-TenantId

Parameter properties

Parameter sets

-UseDeviceCode

Parameter properties

Parameter sets

CommonParameters

Related Links

Feedback