Looking for something?

Developing with Azure Resource Manager - Part 2 - Getting started with the AzureRm PowerShell cmdlets


This is the second part in my series about Azure Resource Manager. In this post we will take a look at some of the AzureRm PowerShell cmdlets to get us started. This article is assuming that you've already followed the steps as lined out in Part 1, to set up your AAD Application and Service Principals and saved your credentials etc.

Q: Why use a Service Principal rather than just a user/password from my normal account?

A: If you want automation from CI/a service or you want to have your custom applications authenticate to your AAD and work with Azure Resource Manager, you don't want to use your own username/password but instead a dedicated service user. This is why we have the Service Principal accounts dedicated for this.

Working with the Azure Resource Manager PowerShell cmdlets

Right, to the point. We're going to investigate some of the feature set that the ARM PowerShell cmdlets can offer us, and how we can use them.

The reason why I want to highlight this in this post, is partly because it's a fairly new concept and not a lot of people have been aquainted with it yet - but also because since I started working with the ARM (Azure Resource Manager) the last few weeks, there's no going back. Things work - and they work well.

Note from the field: I've been working with the Azure Resource Manager for a while now, and there's a lot of changes happening. Some of the things listed here may or may not have changed when you read it. If you encounter any operation that does not work, please leave a comment and I'll get on it to make an update.

Authenticate your Service Principal in your PowerShell Session

If you're uncertain about the whole service principal thing, please visit Part 1 in this article series and take a look first to get things set up - then re-visit here.

Authenticate using the Service Principal like this:

Step 1: Get a credential using your Service Principal Id and Password

$svcPrincipal = Get-Credential

Then run $svcPrincipal to make sure your object $svcPrincipal is mapped to the credential:


The output should look something like this:

Get-Credential for Azure Rm Service Principal

Step 2: Login to AzureRm

Next, simply run the following command. Please note that the TenantId parameter refers to the directory guid of your AAD.

Login-AzureRmAccount -Credential $svcPrincipal -ServicePrincipal -tenantId "[TENANT GUID]"  

The output should look something like this:

Login-AzureRmAccount in order to authenticate the PowerShell session

Awesome, you're successfully authenticated. Good for you - let's move on.

Run AzureRm cmdlets to get data from Azure

Great. We're able to get our session authenticated. Now we can easily run any PowerShell command that the AzureRm supports.

Here's some documentation on using the Cmdlets: https://azure.microsoft.com/en-us/documentation/articles/powershell-azure-resource-manager/

Example: Get all Resource Groups using PowerShell

If you want to simply list all the Resource Groups, run this:

Get-AzureRmResourceGroup | ft ResourceGroupName,Location,ProvisioningState  

The output should look similar to this, but with your own Resource Groups from your Azure subscription:

Get all Azure Resource Groups using PowerShell and Get-AzureRmResourceGroup

Example: Create a Resource Group using PowerShell

Even more fun is to create an Azure Resource Group. Let's do that:

New-AzureRmResourceGroup -Name Zimmergren.ARM.Test123 -Location "North Europe"  

This should yield a result that looks like this:

Create a new Azure Resource Group using New-AzureRmResourceGroup

If you navigate to your Azure Portal and list your Resource Groups, you should also see the newly created Resource Group there:

View your Azure Resource Groups in the Azure Portal and see your newly created resource group

If you're looking to work with a specific resource group, you can get a specific instance by applying the -Name parameter:

$myRg = Get-AzureRmResourceGroup -Name Zimmergren.ARM.Test123

This would search through the Resource Groups and only return the one that exactly matches what you've entered in the -Name parameter:

Get a specific Azure Resource Group by using Get-AzureRmResourceGroup -Name


As soon as the AAD Application and your Service Principal are set up properly (I would recommend this over using your own account), you can easily manage all your resources from the powershell cmdline.

I could go deeper into detail about specific cmdlets here, but they're pretty well documented over at the azure documentation website.

As a mental note to myself I want to leave this post here as a reference when there's a need to configure the auth and run continuous integration using Azure RM.

In some of the following articles we will take a look at Azure Resource Manager Templates and how they work - this means we'll deploy a resource group including services under that group, all by running just a PowerShell cmdlet, a C# or REST API call to the ARM.

I hope you enjoyed.

0 Comments 20 February 2016
Tobias Zimmergren

Tobias Zimmergren

Hi, I'm Tobias. I am a Microsoft MVP for SharePoint and I use this site to share my thoughts on tech with you on topics like SharePoint, Office 365, Azure and general web development.

  Malmö, Sweden

Related Post

Comments powered by Disqus