az-logout

Log out from the active account

$ az logout

$ az logout --username [alias@somedomain.com]

az logout

The az logout command is an essential component of the Azure Command-Line Interface (CLI), a powerful and cross-platform tool designed for managing Azure cloud resources. Its primary function is to terminate the active authentication session for an Azure account within the CLI context.

Upon execution, az logout effectively removes stored authentication tokens and cached credentials, thereby logging you out of the currently authenticated Azure identity. This action requires a fresh login using the az login command for any subsequent interactions with Azure services via the CLI.

It is crucial for security, particularly when working on shared systems or after completing sensitive tasks, to prevent unauthorized access to your Azure subscriptions. The command operates silently, requiring no specific operational parameters, and serves as a straightforward method to ensure a clean authentication state. It helps in clearing authentication caches, providing a fresh start for new operations or for switching between different Azure accounts or directories.

No Confirmation Prompt: The command executes immediately without an explicit 'Are you sure?' confirmation prompt.

Global vs. Specific Logout: It logs out the *currently active* interactive account and removes its associated tokens. It might not clear all cached service principal credentials if they were configured separately or if multiple accounts are stored in a non-interactive way.

Browser/Application Sessions: Logging out via the CLI does not affect active sessions in web browsers, other Azure-connected applications, or services that use their own authentication mechanisms. Its scope is limited to the CLI's authentication context.

Local Data: It primarily removes authentication tokens and does not delete local configuration files, settings, or data unrelated to the authentication process.

While az logout has no unique operational parameters specific to its logout functionality, it supports common global Azure CLI arguments that apply to almost all az commands. These include --help (-h) to display usage information, --output (-o) to specify the output format (e.g., json, table, tsv), --query for JMESPath filtering of command output, and verbosity flags like --verbose or --debug. These arguments modify the command's behavior in terms of help, output presentation, or logging, rather than its core action.

Utilizing az logout regularly is a strong security practice, especially in shared or public computing environments. It minimizes the risk of unauthorized access to your Azure resources by ensuring that no active CLI session remains authenticated when your work is completed or when you step away from the machine. It is analogous to locking your workstation or signing out of web services after use, contributing significantly to maintaining the security and integrity of your cloud management activities.

The Azure CLI has been a cornerstone for Azure resource management since its early iterations, evolving rapidly to support new services and features. az logout has been a fundamental and consistent component, present since the CLI's initial stable releases (e.g., az CLI 2.0 onward). Its development directly aligns with the broader evolution of the Azure platform and its stringent security requirements. The command's functionality has remained remarkably stable, focusing purely on session termination to ensure secure and efficient management of cloud resources. It reflects a standard practice in command-line tools to provide clear session management capabilities for user authentication, contributing to the overall security posture of cloud operations.

az login: Log in to an Azure account., az account show: Display the currently active Azure subscription details., az account list: List all available Azure subscriptions accessible by the current credentials., az account clear: Clear all stored Azure CLI accounts and subscriptions. (More aggressive than logout)