Switching Between Azure Accounts

When working with multiple Azure accounts or subscriptions, you may encounter issues where the Azure CLI tools cache your credentials. This guide provides a comprehensive approach to switching between Azure accounts correctly.

The problem

The Azure CLI and Azure Developer CLI (azd) cache authentication tokens to improve performance. However, this can cause issues when you need to work with a different Azure account or subscription. Commands may fail or operate on the wrong subscription if you don't explicitly switch contexts.

Step-by-step process

Step 1: Log out of the current Azure account

First, you need to explicitly log out. This will clear the cached tokens for the currently authenticated user. Run the following command in your terminal:

az logout

This command removes all subscriptions from the local cache for the current account.

Step 2: Log in with the new account

Now, initiate the login process for the new account you want to use.

az login

This command will open a web browser where you can enter the credentials for your desired Azure account. After you successfully sign in, the browser tab will close, and your terminal will show the subscriptions associated with the new account.

Pro Tip: If you work with multiple tenants (directories), you can make the login more specific by providing the tenant ID:

az login --tenant "your-tenant-id.onmicrosoft.com"

Step 3: Set the correct subscription (important)

After logging in, your new account might have access to multiple subscriptions. It's a good practice to explicitly set the one you want to work with.

First, list all available subscriptions for the new account:

az account list --output table

Find the SubscriptionId or Name of the subscription you want to use, and then set it as the active one:

az account set --subscription "Your-Subscription-ID-or-Name"

Step 4: Set azd environment defaults

If you're working with Azure Developer CLI (azd), it's important to ensure your .azure environment configuration defaults to the correct subscription and location. Set these environment variables for your specific environment:

azd env set AZURE_SUBSCRIPTION_ID <YOUR_SUBSCRIPTION_ID> -e mindormachine-dev
azd env set AZURE_LOCATION eastus -e mindormachine-dev

Replace mindormachine-dev with your actual environment name and <YOUR_SUBSCRIPTION_ID> with your subscription ID. This ensures the .env file in the .azure folder defaults to the correct subscription.

Step 5: Verify your configuration

Before running your azd or az commands, verify that you're using the correct account and subscription:

az account show --output table

This will display details about the currently active subscription, including the subscription name, ID, and tenant.

Step 6: Run your command

Now that you are authenticated with the correct account and have set the right subscription, you can run your commands. They will now use the new context.

azd pipeline config -e your-environment-name

Clearing the cache (advanced)

While az logout is the standard way to handle account switching, if you ever suspect the cache is truly corrupted or want to perform a more forceful clearing, you can use the az cache command.

az cache purge

This command deletes all cached data from the CLI's cache directory (~/.azure/cache). It's a more aggressive step and usually not necessary for simple account switching, but it's a useful tool if you encounter persistent caching issues.

Common scenarios

Working with multiple tenants

If you're a consultant or work across multiple organizations, you may need to switch between different Microsoft Entra ID (formerly Azure Active Directory) tenants frequently. In this case, always use the --tenant flag during login:

az login --tenant "tenant-id"

Switching subscriptions without logging out

If you're already logged in but just need to switch to a different subscription under the same account, you don't need to log out. Simply run:

az account set --subscription "Subscription-Name-or-ID"

Checking your current context

Not sure which account or subscription you're currently using? Check with:

az account show

Best practices

Always verify your context before running deployment or configuration commands
Use descriptive subscription names to make it easier to identify the right one
Consider using Azure CLI profiles for managing multiple configurations
Document tenant IDs for the organizations you work with regularly
Set default subscriptions for your most commonly used accounts

Troubleshooting

If you continue to experience authentication issues after following these steps:

Clear the Azure cache: az cache purge
Clear the Azure Developer CLI cache: Remove ~/.azd directory
Log out completely: az logout
Restart your terminal
Log back in with explicit tenant specification

Every Bit of Support Helps!

If you found this guide helpful, please consider buying me a coffee ☕ to support more content like this!

The problem​

Step-by-step process​

Step 1: Log out of the current Azure account​

Step 2: Log in with the new account​

Step 3: Set the correct subscription (important)​

Step 4: Set azd environment defaults​

Step 5: Verify your configuration​

Step 6: Run your command​

Clearing the cache (advanced)​

Common scenarios​

Working with multiple tenants​

Switching subscriptions without logging out​

Checking your current context​

Best practices​

Troubleshooting​