Connect-AzAccount : Invalid provider type specified.

Creating a service principal in Azure AD and using certificate-based authentication is a common practice when building automation scripts in PowerShell. If you’ve landed on this blog post, there’s a very good chance that you’ve followed the steps provided by Microsoft and been unsuccessful. Not to worry, the fix is actually quite simple.

To ensure that your certificate-based authentication works, you’ll need to add the -Provider parameter to the New-SelfSignedCertificate cmdlet with the value "Microsoft Enhanced RSA and AES Cryptographic Provider". For example:

New-SelfSignedCertificate -DnsName some.domain.com -CertStoreLocation cert:\LocalMachine\My -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider"

Now, when you export the certificate and import it into your Azure service principal, you should be able to connect successfully using Connect-AzAccount. For example:

Connect-AzAccount -ServicePrincipal -TenantId $TenantId -ApplicationId $AppId -CertificateThumbprint $CertThumb 
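The steps above as one script that also confirms which provider holds the private key before anything is uploaded. This is an added example, not code from the original post; the subject name, the non-exportable key policy, the 6-month lifetime, the `Get-CertKeyProvider` helper and the reliance on English `certutil` output are assumptions made for it.

```powershell
# Added example, not from the original post. Windows only.
# Assumes an elevated session (LocalMachine store) and English certutil output.
$ProviderName  = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
$StoreLocation = 'LocalMachine'             # same store as the post; 'CurrentUser' also works
$Subject       = 'CN=automation-sp-example' # hypothetical subject name

function Get-CertKeyProvider {
    # Hypothetical helper: returns the provider name certutil reports for the
    # certificate's private key, or $null when no provider line is found.
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [ValidateSet('LocalMachine', 'CurrentUser')][string]$StoreLocation = 'LocalMachine'
    )
    $certutilArgs = @()
    if ($StoreLocation -eq 'CurrentUser') { $certutilArgs += '-user' }
    $certutilArgs += '-store', 'My', $Thumbprint
    foreach ($line in (& certutil.exe @certutilArgs)) {
        if ($line -match '^\s*Provider\s*=\s*(.+?)\s*$') { return $Matches[1] }
    }
    return $null
}

# Create the key under the legacy CSP the post names. The non-exportable key
# and 6-month lifetime are choices made for this example, not from the post.
$cert = New-SelfSignedCertificate -Subject $Subject `
    -CertStoreLocation "Cert:\$StoreLocation\My" `
    -Provider $ProviderName `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddMonths(6)

# Fail early if the key did not land in the expected provider.
$actual = Get-CertKeyProvider -Thumbprint $cert.Thumbprint -StoreLocation $StoreLocation
if ($actual -ne $ProviderName) {
    throw "Certificate $($cert.Thumbprint) uses provider '$actual', expected '$ProviderName'."
}

# Export the public certificate only; this .cer is what gets uploaded to the
# service principal. The private key never leaves the certificate store.
$cerPath = Join-Path $env:TEMP 'automation-sp-example.cer'
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
"Thumbprint: $($cert.Thumbprint)"
"Provider:   $actual"
"Upload:     $cerPath"
```

Pointing `Get-CertKeyProvider` at the thumbprint of an existing certificate shows whether it was created without -Provider, in which case New-SelfSignedCertificate will have used its default, the Microsoft Software Key Storage Provider.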
