2

I'm following the official DBATools guide regarding how to query Azure SQL Databases.

This code is working:

$azureCredential = Get-Credential -Message 'Azure Credential'
$azureAccount = Connect-AzAccount -Credential $azureCredential
$azureToken = Get-AzAccessToken -ResourceUrl https://database.windows.net
$azureInstance = "test.database.windows.net"
$azureDatabase = "testsource"
$server = Connect-DbaInstance -SqlInstance $azureInstance -Database $azureDatabase -AccessToken $azureToken
Invoke-DbaQuery -SqlInstance $server -Query "SELECT @@VERSION" | Format-Table -AutoSize

Even if it's always showing the yellow errors:

WARNING: Unable to acquire token for tenant 'organizations' with error 'UsernamePasswordCredential
authentication failed: AADSTS53003: Access has been blocked by Conditional Access policies. The access
 policy does not allow token issuance.
Trace ID: e9cffe3d-xxxx-xxxx-xxxx-310b5365b200
Correlation ID: 99b44f31-xxxx-xxxx-xxxx-dbdfc97482db
Timestamp: 2022-09-05 10:36:32Z
See the troubleshooting guide for more information.
https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot'

and the red error:

Connect-AzAccount : UsernamePasswordCredential authentication failed: AADSTS53003: Access has been
blocked by Conditional Access policies. The access policy does not allow token issuance.
Trace ID: e9cffe3d-xxxx-xxxx-xxxx-310b5365b200
Correlation ID: 99b44f31-xxxx-xxxx-xxxx-dbdfc97482db
Timestamp: 2022-09-05 10:36:32Z
See the troubleshooting guide for more information.
https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot
At C:\Users\FrancescoMantovani\Desktop\test.ps1:2 char:17
+ $azureAccount = Connect-AzAccount -Credential $azureCredential
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Connect-AzAccount], AuthenticationFailedException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand

This is the picture:

enter image description here

Why is this working even if there is an error?

What does this error means and why I'm not kicked out?

Francesco Mantovani
  • 1,695
  • 14
  • 28

1 Answers1

1

This was the solution:

$azureAccount = Connect-AzAccount 
$azureToken = Get-AzAccessToken -ResourceUrl https://database.windows.net
$azureInstance = "test.database.windows.net"
$azureDatabase = "testsource"
$server = Connect-DbaInstance -SqlInstance $azureInstance -Database $azureDatabase -AccessToken $azureToken
Invoke-DbaQuery -SqlInstance $server -Query "SELECT @@VERSION" | Format-Table -AutoSize

That $azureCredential = Get-Credential -Message 'Azure Credential' was the one that was messing up.

Francesco Mantovani
  • 1,695
  • 14
  • 28