Trying to connect to AzureAD with PowerShell but getting unknown credential


I can connect to AzureAD using the following command just fine and run queries against AD

    Connect-AzureAD -Confirm

However, when I attempt to use Get-Credential and store it as a variable, it does not seem to work. I am not sure why I am getting the Unsupported User Type 'Unknown' error.

    > $Credential = Get-Credential

    cmdlet Get-Credential at command pipeline position 1
    Supply values for the following parameters:
    Credential
    > Connect-AzureAD -Credential $Credential
    WARNING: Install the latest PowerShell module, the Microsoft Graph PowerShell SDK, for new features and improvements!
    https://aka.ms/graphPSmigration
    Connect-AzureAD : One or more errors occurred.
    At line:1 char:1
    + Connect-AzureAD -Credential $Credential
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : AuthenticationError: (:) [Connect-AzureAD], AggregateException
        + FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

    Connect-AzureAD : Unsupported User Type 'Unknown'. Please see https://aka.ms/msal-net-up.
    At line:1 char:1
    + Connect-AzureAD -Credential $Credential
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : AuthenticationError: (:) [Connect-AzureAD], MsalClientException
        + FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

    Connect-AzureAD : One or more errors occurred.
    At line:1 char:1
    + Connect-AzureAD -Credential $Credential
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Connect-AzureAD], AggregateException
        + FullyQualifiedErrorId : System.AggregateException,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

I know my creds are right when storing them as the variable; I am not sure why I get an error when using this method.


4
Venkat V On

Trying to connect to AzureAD with PowerShell but getting unknown credential.

Thanks to jdweng for suggesting the same point.

The above error is encountered when you are passing local VM credentials for connecting to Azure AD. Azure AD requires the user UPN and password, as it needs the domain name for connecting to Azure AD.


When I pass the correct Azure AD UPN and password instead of a local username, it connects to Azure AD and is able to fetch the user details.

    Install-Module AzureAD
    $Credential = Get-Credential
    Connect-AzureAD -Credential $Credential
    Get-AzureADUser -Top 10


0
CaycMaster On

As already mentioned by Venkat V, the issue is probably due to how you are passing the user login information. As long as you provide the UPN the command will work, but you should also take into consideration that by getting credentials and using -Credential you are performing basic auth, which will be a problem in some cases, especially if you have MFA configured.

As a simple solution, since you are using Get-Credential to get the username and password, you can just directly call Connect-AzureAD, and that will prompt through the normal Azure login screen for the user to type his credentials for authentication.

On a side note, you should avoid using the AzureAD module and instead use the Microsoft Graph PowerShell module. The AzureAD module is already scheduled for deprecation.
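
Added example, not part of either answer above: a pre-flight check that combines both points, passing `-Credential` only when the username is in UPN form and otherwise (or when the non-interactive sign-in fails, as it can with MFA) falling back to the interactive prompt. `Test-UpnFormat` and `Connect-AzureADSafely` are hypothetical helper names, and the sample usernames are constructed.

```powershell
# Hypothetical helpers for illustration; not part of the AzureAD module.

function Test-UpnFormat {
    # $true when the name looks like user@domain.tld, the form Azure AD expects.
    # Local account forms such as 'MACHINE\user' or a bare 'user' return $false.
    param([Parameter(Mandatory)][string]$UserName)
    return $UserName -match '^[^@\\\s]+@[^@\\\s]+\.[^@\\\s]+$'
}

function Connect-AzureADSafely {
    param([System.Management.Automation.PSCredential]$Credential)

    if ($Credential -and (Test-UpnFormat -UserName $Credential.UserName)) {
        try {
            # -ErrorAction Stop turns the sign-in failure into a catchable error.
            return Connect-AzureAD -Credential $Credential -ErrorAction Stop
        }
        catch {
            Write-Warning "Non-interactive sign-in failed: $($_.Exception.Message)"
        }
    }
    elseif ($Credential) {
        Write-Warning "'$($Credential.UserName)' is not a UPN (user@domain); skipping -Credential."
    }

    # Interactive sign-in: shows the normal Azure login screen.
    return Connect-AzureAD
}

# Offline check of the format test against constructed sample usernames.
'alice@contoso.onmicrosoft.com', 'MYVM\alice', 'alice' | ForEach-Object {
    '{0,-32} UPN format: {1}' -f $_, (Test-UpnFormat -UserName $_)
}

# Usage (requires the AzureAD module and network access):
#   Connect-AzureADSafely -Credential (Get-Credential)
```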