Merge pull request #3691 from MicrosoftDocs/main

Auto Publish – main to live - 2025-08-06 22:30 UTC

Author: learn-build-service-prod[bot]

.openpublishing.redirection.json

@@ -3,42 +3,42 @@
     {
       "redirect_document_id": false,
       "redirect_url": "/powershell/azure/",
-      "source_path": "docs-conceptual/azps-14.2.0/overview.md"
+      "source_path": "docs-conceptual/azps-14.3.0/overview.md"
     },
     {
       "redirect_document_id": false,
       "redirect_url": "/powershell/azure/install-azure-powershell/",
-      "source_path": "docs-conceptual/azps-14.2.0/install-az-ps.md"
+      "source_path": "docs-conceptual/azps-14.3.0/install-az-ps.md"
     },
     {
       "redirect_document_id": false,
       "redirect_url": "/powershell/azure/install-azure-powershell/",
-      "source_path": "docs-conceptual/azps-14.2.0/install-az-ps-msi.md"
+      "source_path": "docs-conceptual/azps-14.3.0/install-az-ps-msi.md"
     },
     {
       "redirect_document_id": false,
       "redirect_url": "/powershell/azure/azureps-support-lifecycle/",
-      "source_path": "docs-conceptual/azps-14.2.0/azps-versioning-release-cadence.md"
+      "source_path": "docs-conceptual/azps-14.3.0/azps-versioning-release-cadence.md"
     },
     {
       "redirect_document_id": false,
       "redirect_url": "/powershell/azure/",
-      "source_path": "docs-conceptual/azps-14.1.0/overview.md"
+      "source_path": "docs-conceptual/azps-14.2.0/overview.md"
     },
     {
       "redirect_document_id": false,
       "redirect_url": "/powershell/azure/install-azure-powershell/",
-      "source_path": "docs-conceptual/azps-14.1.0/install-az-ps.md"
+      "source_path": "docs-conceptual/azps-14.2.0/install-az-ps.md"
     },
     {
       "redirect_document_id": false,
       "redirect_url": "/powershell/azure/install-azure-powershell/",
-      "source_path": "docs-conceptual/azps-14.1.0/install-az-ps-msi.md"
+      "source_path": "docs-conceptual/azps-14.2.0/install-az-ps-msi.md"
     },
     {
       "redirect_document_id": false,
       "redirect_url": "/powershell/azure/azureps-support-lifecycle/",
-      "source_path": "docs-conceptual/azps-14.1.0/azps-versioning-release-cadence.md"
+      "source_path": "docs-conceptual/azps-14.2.0/azps-versioning-release-cadence.md"
     },
     {
       "redirect_document_id": false,

docfx.json

@@ -1,14 +1,14 @@
 {
     "build": {
         "content": [
-            { "files": ["toc.yml"], "src": "azps-14.2.0", "version": "azps-14.2.0", "dest": "module/azure-powershell" },
-            { "files": ["**/*.yml"], "src": "azps-14.2.0", "version": "azps-14.2.0", "exclude": ["docs-conceptual/**"], "dest": "module" },
-            { "files": ["**/*.yml", "**/*.md"], "src": "docs-conceptual/azps-14.2.0", "version": "azps-14.2.0", "dest": "azure" },
-
             { "files": ["toc.yml"], "src": "azps-14.3.0", "version": "azps-14.3.0", "dest": "module/azure-powershell" },
             { "files": ["**/*.yml"], "src": "azps-14.3.0", "version": "azps-14.3.0", "exclude": ["docs-conceptual/**"], "dest": "module" },
             { "files": ["**/*.yml", "**/*.md"], "src": "docs-conceptual/azps-14.3.0", "version": "azps-14.3.0", "dest": "azure" },
 
+            { "files": ["toc.yml"], "src": "azps-14.2.0", "version": "azps-14.2.0", "dest": "module/azure-powershell" },
+            { "files": ["**/*.yml"], "src": "azps-14.2.0", "version": "azps-14.2.0", "exclude": ["docs-conceptual/**"], "dest": "module" },
+            { "files": ["**/*.yml", "**/*.md"], "src": "docs-conceptual/azps-14.2.0", "version": "azps-14.2.0", "dest": "azure" },
+
             { "files": ["toc.yml"], "src": "azps-12.5.0", "version": "azps-12.5.0", "dest": "module/azure-powershell" },
             { "files": ["**/*.yml"], "src": "azps-12.5.0", "version": "azps-12.5.0", "exclude": ["docs-conceptual/**"], "dest": "module" },
             { "files": ["**/*.yml", "**/*.md"], "src": "docs-conceptual/azps-12.5.0", "version": "azps-12.5.0", "dest": "azure" },
@@ -32,14 +32,14 @@
             }
         ],
         "resource": [
-            { "files": ["media/**"], "version": "azps-14.2.0" },
             { "files": ["media/**"], "version": "azps-14.3.0" },
+            { "files": ["media/**"], "version": "azps-14.2.0" },
             { "files": ["media/**"], "version": "azps-12.5.0" },
             { "files": ["media/**"], "version": "azps-0.10.0" }
         ],
         "versions": {
-            "azps-14.2.0": { "dest": "azps-14.2.0" },
             "azps-14.3.0": { "dest": "azps-14.3.0" },
+            "azps-14.2.0": { "dest": "azps-14.2.0" },
             "azps-12.5.0": { "dest": "azps-12.5.0" },
             "azps-0.10.0": { "dest": "azps-0.10.0" },
             "azuresmps-4.0.0": { "dest": "azuresmps-4.0.0" }
@@ -410,8 +410,8 @@
                 "docs-conceptual/**/*": "concept-article"
             },
             "ms.date": {
+                "azps-14.3.0/**/*": "8/5/2025",
                 "azps-14.2.0/**/*": "7/1/2025",
-                "azps-14.3.0/**/*": "7/31/2025",
                 "azps-12.5.0/**/*": "11/11/2024",
                 "azps-0.10.0/**/*": "4/14/2020",
                 "azuresmps-4.0.0/**/*": "11/28/2020"
@@ -436,10 +436,10 @@
                 "docs-conceptual/azuresmps-*/**/*": "NOINDEX, NOFOLLOW"
             },
             "feedback_system": {
-                "azps-14.2.0/**/*": "OpenSource",
-                "docs-conceptual/azps-14.2.0/*": "OpenSource",
-                "azps-14.3.0/**/*": "None",
-                "docs-conceptual/azps-14.3.0/*": "None",
+                "azps-14.3.0/**/*": "OpenSource",
+                "docs-conceptual/azps-14.3.0/*": "OpenSource",
+                "azps-14.2.0/**/*": "None",
+                "docs-conceptual/azps-14.2.0/*": "None",
                 "azps-12.5.0/**/*": "OpenSource",
                 "docs-conceptual/azps-12.5.0/*": "OpenSource",
                 "aztools/**/*": "OpenSource",
@@ -487,7 +487,7 @@
             "author": "mikefrobbins",
             "ms.manager": "jasongroce",
             "uhfHeaderId": "Azure",
-            "ms.date": "07/01/2025"
+            "ms.date": "8/5/2025"
         },
         "dest": "azureps",
         "lruSize": 0,

docs-conceptual/azps-14.2.0/zone-pivot-groups.yml

@@ -159,47 +159,6 @@ To learn more about federated identities, see:
 - [What is workload identity federation?][identity-federations]
 - [Migrate to Microsoft Entra multifactor authentication with federations][mfa-federations]
 
-## Troubleshooting
-
-### ROPC error: Due to a configuration change made by your administrator
-
-You use the Resource Owner Password Credential (ROPC) flow when signing into Azure using a password.
-This authentication method doesn't support MFA. Here's an example:
-
-```azurepowershell
-Connect-AzAccount -Credential $Credential
-```
-
-If the user account requires MFA, the command fails with the following error:
-
-```Output
-Connect-AzAccount : UsernamePasswordCredential authentication failed: Response status code does not indicate success: 400 (BadRequest).
-See the troubleshooting guide for more information
-https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot
-```
-
-**Solution:** Use an authentication method that's compatible with MFA.
-
-### Cross-tenant warning: Authentication failed against tenant
-
-If you have access to multiple tenants, and one of them requires MFA, Azure PowerShell might display
-the following warning:
-
-```Output
-WARNING: Unable to acquire token for tenant '00000000-0000-0000-0000-000000000000' with error 'Authentication failed against tenant 00000000-0000-0000-0000-000000000000. User interaction is required. This may be due to the conditional access policy settings such as multi-factor authentication (MFA). If you need to access subscriptions in that tenant, please rerun 'Connect-AzAccount' with additional parameter '-TenantId 00000000-0000-0000-0000-000000000000.'
-```
-
-Azure PowerShell attempts to sign in with _the first tenant found_ during login. If that tenant
-enforces MFA, authentication might fail. To avoid this issue, explicitly specify the target tenant
-using the **TenantId** parameter:
-
-```azurepowershell
-Connect-AzAccount -TenantId 00000000-0000-0000-0000-000000000000
-```
-
-This ensures that authentication is attempted against the correct tenant, reducing the likelihood of
-MFA-related failures.
-
 ## Learn more about multifactor authentication
 
 The Microsoft Entra ID documentation site offers more detail on MFA.
@@ -233,3 +192,4 @@ The Microsoft Entra ID documentation site offers more detail on MFA.
 [steps-assign-role]: /azure/role-based-access-control/role-assignments-steps
 [assign-roles]: /azure/role-based-access-control/role-assignments-powershell
 [fic-serviceconn-blog]: https://devblogs.microsoft.com/azure-sdk/improve-security-posture-in-azure-service-connections-with-azurepipelinescredential/
+[01]: /entra/identity/authentication/concept-mandatory-multifactor-authentication

docs-conceptual/azps-14.3.0/authenticate-mfa.md

@@ -63,7 +63,7 @@ landingContent:
       - linkListType: reference
         links:
           - text: Cmdlet reference
-            url: /powershell/module/?view=azps-14.2.0
+            url: /powershell/module/?view=azps-14.3.0
   - title: Identity and authentication
     linkLists:
       - linkListType: how-to-guide

docs-conceptual/azps-14.3.0/index.yml

@@ -26,6 +26,104 @@ To enable debug logging for an entire PowerShell session, you set the value of t
 $DebugPreference = 'Continue'
 ```
 
+## Troubleshooting multifactor authentication (MFA)
+
+### Interactive login failures
+
+If you encounter errors when running Azure PowerShell cmdlets that create, modify, or delete
+resources, the issue might be caused by a Microsoft Entra ID Conditional Access policy that requires
+multifactor authentication (MFA).
+
+These errors typically occur when MFA is required by policy but isn't enforced during login.
+
+#### SharedTokenCacheCredential authentication unavailable
+
+You might see this error when using:
+
+- **Az** PowerShell module version 14.2.0 or earlier
+- **Az.Accounts** PowerShell module 5.1.1 or earlier
+
+```Output
+SharedTokenCacheCredential authentication unavailable. Token acquisition failed for user
+[email protected]. Ensure that you have authenticated with a developer tool that supports Azure
+single sign on.
+```
+
+Upgrade to the following versions or later to receive more informative error messages and policy
+details:
+
+- **Az** PowerShell module: version 14.3.0 or later
+- **Az.Accounts** module: version 5.2.0 or later
+
+#### Resource was disallowed by policy
+
+This error occurs in newer module versions (**Az** 14.3.0+ and **Az.Accounts** 5.2.0+), where MFA is
+required by Conditional Access for specific operations.
+
+```Output
+Resource was disallowed by policy. Users must use MFA for Create operation.
+Users must authenticate with multi-factor authentication to create or update resources.
+Run the cmdlet below to authenticate interactively; additional parameters may be added as needed.
+Connect-AzAccount -Tenant (Get-AzContext).Tenant.Id -ClaimsChallenge "<claims-challenge-token>"
+```
+
+#### Resolution options
+
+- Ask your Azure administrator to enforce MFA at sign-in. This allows your session to meet
+  Conditional Access requirements without additional steps.
+- If MFA enforcement at sign-in isn't possible, use the **ClaimsChallenge** parameter to
+  authenticate interactively:
+
+  ```azurepowershell
+  Connect-AzAccount -Tenant (Get-AzContext).Tenant.Id -ClaimsChallenge "<claims-challenge-token>"
+  ```
+
+For more information, see
+[Planning for mandatory multifactor authentication for Azure and other admin portals][01]
+
+### ROPC error: Due to a configuration change made by your administrator
+
+You use the Resource Owner Password Credential (ROPC) flow when signing into Azure using a password.
+This authentication method doesn't support MFA. Here's an example:
+
+```azurepowershell
+Connect-AzAccount -Credential $Credential
+```
+
+If the user account requires MFA, the command fails with the following error:
+
+```Output
+Connect-AzAccount : UsernamePasswordCredential authentication failed: Response status code does not
+indicate success: 400 (BadRequest). See the troubleshooting guide for more information
+https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot
+```
+
+**Solution:** Use an authentication method that's compatible with MFA.
+
+### Cross-tenant warning: Authentication failed against tenant
+
+If you have access to multiple tenants, and one of them requires MFA, Azure PowerShell might display
+the following warning:
+
+```Output
+WARNING: Unable to acquire token for tenant '00000000-0000-0000-0000-000000000000' with error
+'Authentication failed against tenant 00000000-0000-0000-0000-000000000000. User interaction is
+required. This may be due to the conditional access policy settings such as multi-factor
+authentication (MFA). If you need to access subscriptions in that tenant, please rerun
+'Connect-AzAccount' with additional parameter '-TenantId 00000000-0000-0000-0000-000000000000.'
+```
+
+Azure PowerShell attempts to sign in with _the first tenant found_ during login. If that tenant
+enforces MFA, authentication might fail. To avoid this issue, explicitly specify the target tenant
+using the **TenantId** parameter:
+
+```azurepowershell
+Connect-AzAccount -TenantId 00000000-0000-0000-0000-000000000000
+```
+
+This ensures that authentication is attempted against the correct tenant, reducing the likelihood of
+MFA-related failures.
+
 ## Announcement messages in automation scenarios
 
 When connecting to Azure with Azure PowerShell, announcement messages are displayed using
@@ -241,3 +339,7 @@ creating a service principal:
 
 If you experience a product issue with Azure PowerShell not listed in this article or require
 further assistance, [file an issue on GitHub](https://github.com/azure/azure-powershell/issues).
+
+<!-- link references -->
+
+[01]: /entra/identity/authentication/concept-mandatory-multifactor-authentication

docs-conceptual/azps-14.3.0/troubleshooting.md

@@ -3,4 +3,4 @@ ms.topic: include
 ms.custom:
 ---
 
-The current version of Azure PowerShell is 14.2.0.
+The current version of Azure PowerShell is 14.3.0.