I have a PowerShell script which logs into Az. Using PS 7.2.4, AZ Module 12. Tested on Win 10 and 11.
The script uses AZconnect to access Azure and grab some information. It works fine on my PC. However, when other users run the script on their PCs, it doesn't actually log them in, so when it runs an AZ command it gives the error:
"Get-AzVM: Your Azure credentials have not been set up or have expired, please run Connect-AzAccount to set up your Azure credentials.Authentication failed against tenant . User interaction is required. This may be due to the conditional access policy settings such as multi-factor authentication (MFA). If you need to access subscriptions in that tenant, please rerun 'Connect-AzAccount' with additional parameter '-TenantId '."
The script uses the following code:
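# Build a PSCredential from a hard-coded user name and plain-text password
$USER = 'AnAccount@atenant.onmicrosoft.com'
$PWORD = ConvertTo-SecureString -String 'Password' -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential ($USER, $PWORD)
# Non-interactive sign-in; the placeholders are quoted so that '<' is not parsed as an operator
Connect-AzAccount -TenantId '<ID here>' -Subscription '<SubID here>' -Credential $Credential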
To debug, I've run those lines line by line, and it works fine on my PC, but on other users' PCs the Connect-AzAccount doesn't log in. The warning they get is:
WARNING: Unable to acquire token for tenant '' with error 'Authentication failed against tenant . User interaction is required. This may be due to the conditional access policy settings such as multi-factor authentication (MFA). If you need to access subscriptions in that tenant, please rerun 'Connect-AzAccount' with additional parameter '-TenantId <tenantID'.
I'm running in Admin mode on users' PCs and also setting execution-policy. When I run Az-context, it lists the correct account, tenant and subscription. The account does not use MFA and it's not yet using Conditional Access Policy.
It's not a permissions thing on the account being used, as the script works fine when I run it.
I appreciate it's not the most secure method, but I'd rather not change from this log-in method (it works for me, the script is private and the account is basic).
Can anyone explain why it works on my PC but not others, and how to fix it?
Thanks a lot in advance.
It turns out that MS has somehow messed up the Az-Connect login process. See https://github.com/Azure/azure-powershell/issues/24967