Default to Device Authentication when Connecting to Azure with Windows PowerShell

Windows 10 Enterprise edition version 2004 is used for the scenarios demonstrated in this blog article. If you’d like to follow along, you’ll also need to install PowerShell version 7 and the Az PowerShell module.

As stated in the help for Connect-AzAccount, the UseDeviceAuthentication parameter is the default authentication type for PowerShell version 6 and higher.

help Connect-AzAccount -Parameter UseDeviceAuthentication


What this means is that you’re provided with a URL and a code. They’re used to authenticate with Azure when signing in interactively from PowerShell.



By default, Windows PowerShell prompts you to sign in with a GUI:



Replicating the default behavior from PowerShell 7 in Windows PowerShell is easy enough using the UseDeviceAuthentication parameter:

Connect-AzAccount -UseDeviceAuthentication


To set this type of behavior as the default in Windows PowerShell, add the UseDeviceAuthentication parameter to your $PSDefaultParameterValues preference variable:



Once added, anytime that you sign in to Azure from Windows PowerShell, it will default to the same behavior as PowerShell 7:




The values stored in $PSDefaultParameterValues don’t persist between PowerShell sessions. Adding the items to your PowerShell profile is the key to making them persist.

Use $PSDefaultParameterValues with caution. It could lock you into a particular parameter set as is the case with the scenario outlined in this blog article.

Don’t enclose Boolean values in quotes that you add to $PSDefaultParameterValues. Using quotes causes the values to be added, but not work properly.


Additional Information

Migrate from the AzureRM to the Az PowerShell module. AzureRM will continue to receive bug fixes until at least December 2020.