After you install the Azure PowerShell modules, you can connect the Azure PowerShell session to the Azure subscriptions that you want to manage. To establish this connection, you first need to authenticate by using an account that exists in the Azure AD tenant and that is associated with the target subscription.

This can be a Microsoft account that you either used to create the subscription or added subsequently to the subscription’s Azure AD tenant. Alternatively, you can also create new accounts in Azure AD. These accounts were formerly referred to as organizational accounts and are now known as work or school accounts.

When managing Azure Resource Manager resources, you authenticate by running the Add-AzureRmAccount cmdlet. By default, running this cmdlet opens a browser window prompting you for the user name and the password of a user account with access to the Azure subscription that you intend to manage.

Azure AD authentication is token-based, and after signing in, the user remains authenticated until the authentication token expires. The expiration time for an Azure AD token is 12 hours.

After you authenticate, you can use the Get-AzureRmSubscription cmdlet to view a list of subscriptions associated with your account. If you have multiple subscriptions, you can specify the one you want to manage by using the Set-AzureRmSubscription cmdlet and providing either the subscription name or ID. You can identify the subscription name and ID by reviewing the output of the Get-AzureRmSubscription cmdlet.

After you authenticate from within a Windows PowerShell session, Azure PowerShell automatically generates a collection of session-related objects, which is known as the session context. That context contains objects such as the account, Azure subscription, and corresponding Azure AD tenant. You can manage the content of the context by using the Set-AzureRmContext and Select-AzureRmSubscription cmdlets and view the context by using the **Get-AzureRmContext **cmdlet.

When managing Azure Service Management services, you authenticate by running the Add-AzureAccount cmdlet. For access to subscription management functionality that is equivalent to that from Get-AzureRmSubscription and Select-AzureRmSubscription, you can run the corresponding Azure PowerShell cmdlets, including Get-AzureSubscription and Select-AzureSubscription. However, in this case, no corresponding session context exists, so you need to manage its components separately.

Cheers,

Marcos Nogueira azurecentric.com Twitter: @mdnoga