Introduction

PowerShell is an important weapon in the arsenal of an administrator to maintain a control over the systems they are responsible. PowerShell provides a nice way of automating a lot of things thus saving the time and effort of an administrator. In case of Automating Azure related Administrator task, Microsoft has provided Microsoft AzureRm PowerShell Module which can be used to write scripts. The module is great and provides a lot of functionalities related to various aspects and offerings of Azure.

↑Back To Top


Problem Statement

When PowerShell script is written for automation of Azure support task, it is mandatory to sign onto the azure first and then execute the rest of the cmdlets related to the actual operation.  This login needs to be done manually by entering the user id and password of the Azure account.

The command used for the same is 

Login-AzureRmAccount

Once the command is encountered, the PowerShell script will open up a pop window where the administrator needs to enter the user id and password for the Azure account. Refer screen shot below.


As obvious it is, it poses a big problem with automating the Azure Support task using PowerShell. Following article discusses the use of azure context to automate this login process thereby removing the manual intervention.

What is Context

Azure context is a set of information that can be used by PowerShell session to autorize to the Azure cmdlets. It contains following information

  • Account : The account or the service principal which will be used to authorize to the cmdlets
  • Subscription: The subscription against which the cmdlets will be executed
  • TenantId: The tenant id of the Azure Active Directory where the account resides.
  • Environment: The cloud environment
  • Credentials: the login credentials.

This feature of retention of context between sessions is available from Azure PowerShell 6.3.0 onwards and is compatible with PowerShell 5.0

↑Back To Top


Solution

Installing AzureRm Module

In this article we will discuss how to install the AzureRM module using PowerShellGet. The AzureRm module can be installed using following command when run from the PowerShell window using Administrator rights.

Install-Module -Name AzureRM -AllowClobber

The process requires the version of NuGet newer than 2.8.5.201. If the version is older, a prompt asking us to download install the NuGet will  appear. We need to install the NuGet. Once the NuGet is installed, the cmdlet will try to download the Module from PowerShell Gallery. By Default the PowerShell  gallery s not configured as trusted repository. For the first time when we are using the PowerShell Gallery, we will get following message.
Untrusted repository
 
You are installing the modules from an untrusted repository. If you trust this repository, change
its InstallationPolicy value by running the Set-PSRepository cmdlet.
 
Are you sure you want to install the modules from 'PSGallery'?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"):

We need to answer this with Yes(Y) or Yes to All(A). This should take care of the installation.

Managing The Context

Saving Context

Once the AzureRM module is installed, it will be imported automatically when we start the session of PowerShell.  When we are saving the context for the first time, we will need to authorize the PowerShell to run azure cmdlets, for this we need to login using Azure Credentials. We will run following command which will cause the context to be saved to a safe location the computer.

As clear from above screen shot, the AzureRmContext.json will contain all the details regarding the subscription in it. Now when we close the session now the context will be available in the next session. In order to test if the context is correctly, let us run a new session of PowerShell and run a sample cmdlet as follows

Get-AzureRmResourceGroup

As clear from the output we can see that we did not need to execute the Login-AzureRmAccount cmdlet.

In order to get the information about the context, we can use the Get-AzureRmContext cmdlet. It gives output as following 

we have successfully saved the context for the current user and we can use this to automate the login process now. We can just write the PowerShell scripts to do the work we want to do without worrying about logging in again and again.

Disabling The Context

In case we want not to use the context in our PowerShell scripts and we want to login each time, then we can run the Disable-AzureRmContextAutoSave  and the credentials will simply be not available to us in the next session.

When we open a new session and run the Get-AzureRmResourceGroup command, we will get an error telling to log in using azure credentials.

In case we want to enable the automation, we just need to execute the Enable-AzureRmContextAutoSave cmdlet again. It is that simple!!

Clearing The Context

In order to completely wipe off the context(s) for current user, we can use the Clear-AzureRmContext cmdlet. It will delete all the context for the current user.
Note: After clearing the context, Enable-AzureRmContextAutoSave and Disable-AzureRmContextAutoSave will not work.  We will have to save the context by following the method mentioned above in "Saving the Context" header.

When we run the Clear-AzureRmContext we will get a prompt to confirm if we want to clear the context for the current user.

↑Back To Top


Conclusion

In this article we saw, how easy it is to automate the login process for the PowerShell scripts using AzureRm cmdlets.

↑Back To Top


See Also

In case of older version of AzureRM Powershell modules we need to use the service principal to automate the login process. More about it can be read at : Automating Azure Login For PowerShell Scripts using Service Principal

↑Back To Top


References

Following articles were referred while writing this article.

↑Back To Top