Azure CLI migration from ADAL to MSAL

Published Nov 02 2021 08:20 AM 626 Views
Microsoft

With the release of version 2.30.0, we're excited to announce Azure CLI has completed the integration of Microsoft Authentication Library (MSAL) as the underlying authentication library! While there are a lot of new features to be announced during Ignite for Azure CLI, we wanted this post to focus on Azure migration from ADAL to MSAL. 

 

Right out of the gate, MSAL provides better security for token cache and support for federated tokens with the new --federated-token parameter in az login. The new authentication library isn't only for this latest release however. It will allow for improved security and user experience features in the future, like Continuous Access Evaluation (CAE) and proactive token renewal. For more information about the benefits of MSAL, check out the MSAL Migration doc.

 

Breaking Change!

 

Version 2.30.0 introduces a breaking change. Azure CLI no longer generates ~/.azure/accessTokens.json to store ADAL tokens and service principal entries. Any existing workflow depending on accessTokens.json will no longer work. For more information about this change, please check out the MSAL-based Azure CLI doc.

 

For install and update instructions, checkout the Azure CLI Install docs.

 

We're excited for this announcement as it's a big step toward the move from AD Graph to MS Graph and the continual growth for Azure CLI!

 

Let us know what you think in the comment section below and we look forward to hearing from you. 

 

Chase

Azure CLI PM

 

 

%3CLINGO-SUB%20id%3D%22lingo-sub-2909427%22%20slang%3D%22en-US%22%3EAzure%20CLI%20migration%20from%20ADAL%20to%20MSAL%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2909427%22%20slang%3D%22en-US%22%3E%3CP%3EWith%20the%20release%20of%20version%202.30.0%2C%20we're%20excited%20to%20announce%20Azure%20CLI%20has%20completed%20the%20integration%20of%20Microsoft%20Authentication%20Library%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fdevelop%2Fmsal-overview%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EMSAL%3C%2FA%3E)%20as%20the%20underlying%20authentication%20library!%20While%20there%20are%20a%20lot%20of%20new%20features%20to%20be%20announced%20during%20Ignite%20for%20Azure%20CLI%2C%20we%20wanted%20this%20post%20to%20focus%20on%20Azure%20migration%20from%20ADAL%20to%26nbsp%3BMSAL.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERight%20out%20of%20the%20gate%2C%20MSAL%20provides%20better%20security%20for%20token%20cache%20and%20support%20for%20federated%20tokens%20with%20the%20new%3CCODE%3E--federated-token%3C%2FCODE%3E%26nbsp%3Bparameter%20in%3CCODE%3Eaz%20login%3C%2FCODE%3E.%20The%20new%20authentication%20library%20isn't%20only%20for%20this%20latest%20release%20however.%20It%20will%20allow%20for%20improved%20security%20and%20user%20experience%20features%20in%20the%20future%2C%20like%20Continuous%20Access%20Evaluation%20(CAE)%20and%20proactive%20token%20renewal.%20For%20more%20information%20about%20the%20benefits%20of%20MSAL%2C%20check%20out%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fdevelop%2Fmsal-migration%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EMSAL%20Migration%20doc%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--299657463%22%20id%3D%22toc-hId--298855034%22%3EBreaking%20Change!%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EVersion%202.30.0%20introduces%20a%20breaking%20change.%20Azure%20CLI%20no%20longer%20generates%3CCODE%3E~%2F.azure%2FaccessTokens.json%3C%2FCODE%3Eto%20store%20ADAL%20tokens%20and%20service%20principal%20entries.%20Any%20existing%20workflow%20depending%20on%3CCODE%3EaccessTokens.json%3C%2FCODE%3E%26nbsp%3Bwill%20no%20longer%20work.%20For%20more%20information%20about%20this%20change%2C%20please%20check%20out%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fcli%2Fazure%2Fmsal-based-azure-cli%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EMSAL-based%20Azure%20CLI%20doc%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20install%20and%20update%20instructions%2C%20checkout%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fcli%2Fazure%2Finstall-azure-cli%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20CLI%20Install%20docs%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe're%20excited%20for%20this%20announcement%20as%20it's%20a%20big%20step%20toward%20the%20move%20from%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-tools%2Fazure-ad-to-microsoft-graph-migration-for-azure-command-line%2Fba-p%2F2836666%22%20target%3D%22_self%22%3EAD%20Graph%20to%20MS%20Graph%3C%2FA%3E%20and%20the%20continual%20growth%20for%20Azure%20CLI!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELet%20us%20know%20what%20you%20think%20in%20the%20comment%20section%20below%20and%20we%20look%20forward%20to%20hearing%20from%20you.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EChase%3C%2FP%3E%0A%3CP%3E%3CEM%3EAzure%20CLI%20PM%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2909427%22%20slang%3D%22en-US%22%3E%3CP%20data-unlink%3D%22true%22%3EWith%20the%20release%20of%20version%202.30.0%2C%20we're%20excited%20to%20announce%20Azure%20CLI%20has%20completed%20the%20integration%20of%20Microsoft%20Authentication%20Library%20(MSAL)%20as%20the%20underlying%20authentication%20library!%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2909427%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzureCLI%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Co-Authors
Version history
Last update:
‎Nov 02 2021 08:20 AM
Updated by: