Authentication Methods
DOCUMENT CATEGORY: Runbook SCOPE: Azure authentication for deployment scripts PURPOSE: Establish an authenticated Azure session before running deployment scripts MASTER REFERENCE: Microsoft Learn — Azure Authentication
Status: Active
Authentication
This documentation assumes all scripts are run manually. For full CI/CD automation, see the automation section of the toolkit repository. For portal-based tasks, sign in with the credentials provided for the target tenant.
Before running any deployment script, you must establish an authenticated Azure session targeting the correct tenant and subscription. Choose one of the following authentication methods based on your environment.
Replace the placeholder values below with your tenant and subscription IDs from the infrastructure configuration file (configs/infrastructure-<env>.yml).
- Azure PowerShell
- Azure CLI (PowerShell)
- Azure CLI (Bash)
Use this method when running PowerShell deployment scripts with the Az module.
# Requires: Az.Accounts module 2.0+ | PowerShell 7.0+
# --- Set your environment values ---
$TenantId = "<your-tenant-id>"
$SubscriptionId = "<your-subscription-id>"
# Connect to Azure
Connect-AzAccount -TenantId $TenantId
# Set the active subscription
Set-AzContext -SubscriptionId $SubscriptionId
# Verify
Get-AzContext | Format-List Account, Subscription, Tenant, Environment
Use this method when running Azure CLI commands from a PowerShell terminal.
# Requires: Azure CLI 2.50+
# --- Set your environment values ---
$TenantId = "<your-tenant-id>"
$SubscriptionId = "<your-subscription-id>"
# Connect to Azure
az login --tenant $TenantId
# Set the active subscription
az account set --subscription $SubscriptionId
# Verify
az account show --output table
Use this method when running Azure CLI commands from a Bash terminal on Linux or macOS.
# Requires: Azure CLI 2.50+
# --- Set your environment values ---
TENANT_ID="<your-tenant-id>"
SUBSCRIPTION_ID="<your-subscription-id>"
# Connect to Azure
az login --tenant "$TENANT_ID"
# Set the active subscription
az account set --subscription "$SUBSCRIPTION_ID"
# Verify
az account show --output table
For headless or remote sessions (SSH, jump boxes), add the device code flag:
- Az PowerShell:
Connect-AzAccount -TenantId $TenantId -UseDeviceAuthentication - Azure CLI:
az login --tenant $TENANT_ID --use-device-code
For session verification, troubleshooting, service principal authentication, and permission transition details, see Appendix C: Authentication & Session Setup.
Navigation
| Previous | Up | Next |
|---|---|---|
| Prerequisites and Assumptions | Implementation Guide | Azure Foundation |
Version Control
- Created: 2026-01-15 by Azure Local Cloudnology Team
- Last Updated: 2026-03-02 by Azure Local Cloudnology Team
- Version: 2.0.0
- Tags: azure-local, authentication, azure-cli, azure-powershell
- Keywords: authentication, Connect-AzAccount, az login
- Author: Azure Local Cloudnology Team