View and manage Azure resources directly from VS Code.
Sign up today for your free Azure account and receive 12 months of free popular services, $200 free credit and 25+ always free services 👉 Start Free.
The Azure Resources extension now uses the built-in VS Code Microsoft authentication provider to authenticate with Azure, and no longer depends on the Azure Account extension. This move increases the reliability of Azure authentication, especially when using a proxy.
Sign in by selecting the "Sign in to Azure..." item in the Azure Resources view.
Note: Sessions won't be migrated from Azure Account to the new built-in authentication. This means you will have to sign in once Azure Resources updates to v0.8.0.
You can also sign in using the new "Azure: Sign In" command contributed by the Azure Resources extension. Note: make sure you don't mistake it for the old Azure Account "Azure: Sign In" command.
Sign out in the Accounts menu located in the bottom left of your VS Code window.
You can filter the displayed subscriptions just as before, by selecting the Filter icon on any subscription. Previously filtered subscriptions will not be migrated automatically.
The filtered subscriptions are stored in the new azureResourceGroups.selectedSubscriptions setting.
You can use the Accounts and Tenants view to manage and authenticate tenants. By checking and unchecking tenants, subscriptions within the Resources view and subscription filter will be filtered out.
With the Accounts & Tenants view we have also added multi-account support. You can sign into a new account by clicking the + icon in the right corner of the view.
Within the tenants view you can now Sign In to a specific tenant by checking an unauthenticated tenant.
Users are still able to use the "Sign in to Tenant (Directory)" along with the tenants view. This is useful for directories/tenants that require MFA. Executing this command will show a menu with a list of unauthenticated directories. If the list is empty, then sessions exist for each directory already.
To connect to a sovereign cloud users can click the gear button on the right side of the tenants view. This will bring up a list of sovereign clouds and once chosen the microsoft-sovereign-cloud.environment setting will automatically be set.
Support for vscode.dev
The Azure Resources extension fully supports running on vscode.dev and github.dev. This means you can use the Azure Resources extension to manage your Azure resources directly from your browser! Note that this does not require the Azure Accounts extension and uses VS Code's built-in authentication provider.
Use the Resources explorer to create and manage Azure resources. Use the Workspace explorer to create files and deploy.
Change the way resources are grouped to fit your workflow.
View all of your recent activities and quickly access resources you've recently created in the Activity Log.
Create an Azure resource from your installed extensions directly in VS Code.
Azure Cloud Shell instances can be started via the terminal view in VS Code. To begin, click the
dropdown arrow in the terminal view and select from either Azure Cloud Shell (Bash) or
Azure Cloud Shell (PowerShell).
If this is your first time using the Cloud Shell, the following notification will appear prompting you to set it up.
The Cloud Shell will load in the terminal view once you've finished configuring it.
You may also upload files to Cloud Shell using the Azure: Upload to Cloud Shell command.
Install these extensions to enable additional resource-specific features.
- Azure Functions
- Azure App Service
- Azure Static Web Apps
- Azure Databases
- Azure Storage
- Azure Virtual Machines
- Azure Spring Apps
- Azure Logic Apps
If you're on a corporate network that performs HTTPS/SSL inspection (for example Zscaler, Netskope, Cisco Umbrella, or an internal certificate authority), you may see errors like unable to get local issuer certificate or self-signed certificate in certificate chain in the Azure Resources output channel, and resources may fail to load.
This happens because the inspection proxy re-signs TLS traffic with your organization's root CA. Signing in uses VS Code's built-in Microsoft authentication, which respects VS Code's proxy and certificate settings, but the extension's Azure management (ARM) calls run in the extension-host Node.js process, which by default does not trust certificates from the operating system store. Node.js therefore rejects the re-signed certificate.
To fix it, tell Node.js and VS Code about your corporate root CA:
-
Export your corporate root CA as a PEM (
.pem/.crt) file. Your IT department can provide this, or you can export it from the OS certificate store. If you have multiple CAs, concatenate them into a single PEM file. -
Set the
NODE_EXTRA_CA_CERTSenvironment variable to the full path of that file, then restart VS Code so the extension host picks it up:- Windows (PowerShell, persists for your user):
setx NODE_EXTRA_CA_CERTS "C:\certs\corp-ca-bundle.pem" - macOS / Linux (add to your shell profile, e.g.
~/.zshrcor~/.bashrc):export NODE_EXTRA_CA_CERTS="/etc/ssl/certs/corp-ca-bundle.pem"
Launch VS Code from an environment where this variable is set (for example, restart it from the terminal or after signing out/in on Windows). Setting it only inside VS Code's integrated terminal is not enough; it must be present in the environment that starts VS Code.
- Windows (PowerShell, persists for your user):
-
Check VS Code's certificate and proxy settings in Settings:
"http.systemCertificates": true: use the OS certificate store for VS Code's own requests (on by default)."http.proxySupport": leave at the default"override"so VS Code applies proxy support to its requests."http.proxy": set this to your proxy URL if your organization requires an explicit proxy (otherwise VS Code uses the system proxy)."http.proxyStrictSSL": leavetrue. Only set it tofalseas a last resort, since it disables certificate validation and is insecure.
Which setting fixes what: token sign-in goes through VS Code's built-in Microsoft authentication, so "http.systemCertificates": true is what covers it; the extension's Azure management (ARM) calls run in the Node.js extension host and require NODE_EXTRA_CA_CERTS. Set both to be safe. See the VS Code network connections documentation for more on proxy and certificate configuration.
There are a couple of ways you can contribute to this repo:
- Ideas, feature requests and bugs: We are open to all ideas and we want to get rid of bugs! Use the Issues section to either report a new issue, provide your ideas or contribute to existing threads.
- Documentation: Found a typo or strangely worded sentences? Submit a PR!
- Code: Contribute bug fixes, features or design changes:
- Clone the repository locally and open in VS Code.
- Run "Extensions: Show Recommended Extensions" from the command palette and install all extensions listed under "Workspace Recommendations"
- Open the terminal (press CTRL+ `) and run
npm install. - To build, press F1 and type in
Tasks: Run Build Task. - Debug: press F5 to start debugging the extension.
Before we can accept your pull request you will need to sign a Contribution License Agreement. All you need to do is to submit a pull request, then the PR will get appropriately labelled (e.g. cla-required, cla-norequired, cla-signed, cla-already-signed). If you already signed the agreement we will continue with reviewing the PR, otherwise system will tell you how you can sign the CLA. Once you sign the CLA all future PR's will be labeled as cla-signed.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
VS Code collects usage data and sends it to Microsoft to help improve our products and services. Read our privacy statement to learn more. If you don’t wish to send usage data to Microsoft, you can set the telemetry.enableTelemetry setting to false. Learn more in our FAQ.







