As I think I mentioned in another post I have recently re-joined IBM and part of my normal onboarding activity would be to get access to the corporate Azure subscription for testing etc. However, I have not got around to doing this as yet. This has not been a problem up to now as I have a personal account (although this does have a fixed limit) and I have also been taking advantage of the time boxed subscriptions that come with some of the MS Learning content.
Anyway, today I wanted to try something out in PowerShell and what I normally do (for development usage only, I would hasten to add) is store the relevant username and password as variables and pass the credential object as a variable in the Connect-AzAccount command. However, when I tried this with my personal account I received the following error/warning and was not able to connect.
‘Unable to acquire token for tenant ‘organization’ with error ‘usernamepasswordcredential authentication failed: ROPC does not support MSA account.
Connect-AzAccount : UsernamePasswordCredential authentication failed: ROPC does not support MSA accounts. See https://aka.ms/msal-net-ropc for
details.
At line:8 char:1 Connect-AzAccount -Credential $credentialObejct
This same error occurs if you use the Get-Credential command directly as well as creating a credential object. It appears that this is something to do with how the PSCredential/Get-Credential object/command handles personal accounts. The only way I was able to authenticate using a personal account in this way is to use the command without credentials and authenticate via the browser, which is a little clunky and time consuming.
As I do not want to enter my username and password every time I want to log in via PowerShell I ended up adding an organisational account to my personal tenant. I then used this organisational account when authenticating via PowerShell and at this point the PowerShell command started working as expected.