Azure CLI — Identity & Subscriptions Cheat Sheet 2026

Azure CLI Identity & Subscriptions Cheat Sheet is the complete quick-reference of Azure CLI Identity & Subscriptions commands grouped by function. Copy any command with one click and find what you need with Ctrl+F in under 3 seconds.

Identity & Subscriptions

Action	Command	Useful flags
Log in interactively	`az login`
Log in with a service principal using a client secret	`az login --service-principal --username <http://azure-cli-service-principal> --password <secret> --tenant <someone.onmicrosoft.com>`	`--service-principal --username --password --tenant`
Log in with a service principal using a client certificate	`az login --service-principal --username <http://azure-cli-service-principal> --password <path/to/cert.pem> --tenant <someone.onmicrosoft.com>`	`--service-principal --username --password --tenant`
Log in using a VM’s system assigned identity	`az login --identity`	`--identity`
Log in using a VM’s user assigned identity	`az login --identity --username /subscriptions/<subscription_id>/resourcegroups/<my_rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<my_id>`	`--identity --username`
Log out from the active account	`az logout`
Log out a specific user	`az logout --username <alias@example.com>`	`--username`
List all subscriptions for the logged in account	`az account list`
Set a `subscription` to be the currently active subscription	`az account set --subscription <subscription_id>`	`--subscription`
List supported regions for the currently active subscription	`az account list-locations`
Print an access token to be used with `MS Graph API`	`az account get-access-token --resource-type <ms-graph>`	`--resource-type`
Print details of the currently active subscription in a specific format	`az account show --output <json\|tsv\|table\|yaml>`	`--output`

⚠️ Dangerous / Destructive Commands

These commands are irreversible. Verify your environment (dev/staging vs prod) before running them.

Action	Command	Warning
⚠️ Destroy ⚠️	`terraform destroy -auto-approve`	Irreversible — verify the target before running
⚠️ Delete	`kubectl delete namespace production`	Irreversible — verify the target before running
⚠️ Prune ⚠️	`docker system prune -af --volumes`	Irreversible — verify the target before running
⚠️ Delete	`pvesh delete /nodes/{node}/qemu/{vmid}`	Irreversible — verify the target before running
⚠️ Delete	`az group delete --name MyResourceGroup --yes`	Irreversible — verify the target before running

FAQ — Frequently Asked Questions

What is the difference between Identity & Subscriptions and the other groups?

Each group in this Azure CLI cheat sheet covers a distinct area. Identity & Subscriptions focuses on its specific scope, while the other groups and the remaining groups cover networking, storage, security and diagnostics respectively.

How do I check the installed Azure CLI version?

Run the version command (usually az version or az --version). The output shows the client and, when applicable, the server version.

Why does Azure CLI return ‘permission denied’?

A ‘permission denied’ error in Azure CLI usually means the current user lacks sufficient privileges or credentials are not configured. Check: (1) assigned IAM/RBAC roles, (2) an active authentication context via the corresponding login command.

How do I filter Azure CLI output by status or name?

Use flags such as --filter, --selector or --query depending on the tool. You can also pipe into grep or jq to process JSON:

az list | grep RUNNING

What is the fastest way to debug a Azure CLI error?

Add the verbose flag (--verbose, -v or --debug) to the failing command. This reveals the underlying HTTP/API calls and the full error response body.

Official sources & references

Commands cross-checked against vendor documentation and high-authority repositories:

raw.githubusercontent.com