Describe the bug
The Active Directory Endpoint provided in the AZURE_BLEU_CLOUD for known clouds list is incorrect, resulting in failure at login.
Current value : login.sovcloud-api.fr
Correct value : login.sovcloud-identity.fr
Related command
az cloud set -n AzureBleuCloud
az login
Errors
ERROR: The command failed with an unexpected error. Here is the traceback:
ERROR: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 677, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 820, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 789, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 335, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 120, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 192, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 177, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 166, in login_with_auth_code
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 125, in _msal_app
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 2090, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 649, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 96, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 170, in _initialize_entra_authority
ValueError: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
Issue script & Debug output
Script : az login --debug
output :
cli.knack.cli: Command arguments: ['login', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x000001653E779B20>, <function OutputProducer.on_global_arguments at 0x000001653ED21BC0>, <function CLIQuery.on_global_arguments at 0x000001653ED5F9C0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Using packaged command index for profile 'latest'.
cli.azure.cli.core: Found installed extension 'ad' (azext_ad).
cli.azure.cli.core: Blending packaged core index with local extension index.
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules...
cli.azure.cli.core: Loaded command modules in parallel:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: profile 0.196 2 8
cli.azure.cli.core: Total (1) 0.217 2 8
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 2 groups, 8 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x000001653EE9C360>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\DEV-AlexandreMOUGEL.azure\commands\2026-04-14.09-06-19.login.13256.log'.
az_command_data_logger: command args: login --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x000001653EEE6480>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x000001653EEE6520>, <function register_global_policy_argument..add_global_policy_argument at 0x000001653EEE6660>, <function register_cache_arguments..add_cache_arguments at 0x000001653EEE6700>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x000001653EEE67A0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x000001653ED21C60>, <function CLIQuery.handle_query_parameter at 0x000001653ED5FA60>, <function register_ids_argument..parse_ids_arguments at 0x000001653EEE65C0>]
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\DEV-AlexandreMOUGEL\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\DEV-AlexandreMOUGEL.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
urllib3.connectionpool: Starting new HTTPS connection (1): login.microsoftonline.com:443
urllib3.connectionpool: https://login.microsoftonline.com:443 "GET /common/discovery/instance?authorization_endpoint=https%3A%2F%2Flogin.sovcloud-api.fr%2Forganizations%2Foauth2%2Fv2.0%2Fauthorize&api-version=1.0 HTTP/1.1" 400 452
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 677, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 820, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 789, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 335, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 120, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 192, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 177, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 166, in login_with_auth_code
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 125, in _msal_app
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 2090, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 649, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 96, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 170, in _initialize_entra_authority
ValueError: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 677, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 820, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 789, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 335, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 120, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 192, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 177, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 166, in login_with_auth_code
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 125, in _msal_app
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 2090, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 649, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 96, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 170, in _initialize_entra_authority
ValueError: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
az_command_data_logger: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 677, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 820, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 789, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 335, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 120, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 192, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 177, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 166, in login_with_auth_code
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 125, in _msal_app
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 2090, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 649, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 96, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 170, in initialize_entra_authority
ValueError: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x000001653EE9C5E0>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 8.558 seconds (init: 0.942, invoke: 7.616)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 7723 in cache file under C:\Users\DEV-AlexandreMOUGEL.azure\telemetry\20260414090627284
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry_init.pyc C:\Users\DEV-AlexandreMOUGEL.azure C:\Users\DEV-AlexandreMOUGEL.azure\telemetry\20260414090627284"
telemetry.process: Return from creating process 8212
telemetry.main: Finish creating telemetry upload process.
Expected behavior
az login should work with any flow against AzureBleuCloud config.
Environment Summary
azure-cli 2.85.0
Additional context
When manually adding a cloud configuration with the correct active directory endpoint value, login succeeds :
alex@avd-dts-stdr-2:~$ az cloud show -n BleuCloud
{
"endpoints": {
"activeDirectory": "https://login.sovcloud-identity.fr/",
"activeDirectoryDataLakeResourceId": "https://datalake.sovcloud.fr/",
"activeDirectoryGraphResourceId": "https://graph.svc.sovcloud.fr/",
"activeDirectoryResourceId": "https://management.sovcloud-api.fr/",
"appInsightsResourceId": "https://api.applicationinsights.sovcloud-api.fr",
"appInsightsTelemetryChannelResourceId": "https://dc.applicationinsights.sovcloud-api.fr/v2/track",
"appServiceResourceId": null,
"attestationResourceId": "https://attest.sovcloud-api.fr",
"azmirrorStorageAccountResourceId": null,
"batchResourceId": "https://batch.sovcloud-api.fr/",
"gallery": "https://gallery.sovcloud-api.fr/",
"logAnalyticsResourceId": "https://api.loganalytics.sovcloud-api.fr",
"management": "https://management.sovcloud-api.fr/",
"mediaResourceId": "https://rest.media.sovcloud-api.fr",
"microsoftGraphResourceId": "https://graph.svc.sovcloud.fr/",
"ossrdbmsResourceId": "https://ossrdbms-aad.database.sovcloud-api.fr",
"portal": "https://portal.sovcloud-azure.fr",
"resourceManager": "https://management.sovcloud-api.fr/",
"sqlManagement": "https://management.database.sovcloud-api.fr:8443/",
"synapseAnalyticsResourceId": "https://dev.azuresynapse.sovcloud-api.fr",
"vmImageAliasDoc": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json"
},
"isActive": true,
"name": "BleuCloud",
"profile": "latest",
"suffixes": {
"acrLoginServerEndpoint": ".azurecr.sovcloud-api.fr",
"attestationEndpoint": ".attest.sovcloud-api.fr",
"azureDatalakeAnalyticsCatalogAndJobEndpoint": "azuredatalakeanalytics.sovcloud-api.fr",
"azureDatalakeStoreFileSystemEndpoint": "azuredatalakestore.sovcloud-api.fr",
"keyvaultDns": ".vault.sovcloud-api.fr",
"mariadbServerEndpoint": ".mariadb.database.sovcloud-api.fr",
"mhsmDns": ".managedhsm.sovcloud-api.fr",
"mysqlServerEndpoint": ".mysql.database.sovcloud-api.fr",
"postgresqlServerEndpoint": ".postgres.database.sovcloud-api.fr",
"sqlServerHostname": ".database.sovcloud-api.fr",
"storageEndpoint": "core.sovcloud-api.fr",
"storageSyncEndpoint": "afs.sovcloud-api.fr",
"synapseAnalyticsEndpoint": ".dev.azuresynapse.sovcloud-api.fr"
}
}
With that context, login works :
alex@avd-dts-stdr-2:~$ az login --use-device-code --debug
cli.knack.cli: Command arguments: ['login', '--use-device-code', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
Enable VT mode.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x0000021879F69A80>, <function OutputProducer.on_global_arguments at 0x000002187A511B20>, <function CLIQuery.on_global_arguments at 0x000002187A54F920>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Using packaged command index for profile 'latest'.
cli.azure.cli.core: Found installed extension 'ad' (azext_ad).
cli.azure.cli.core: Blending packaged core index with local extension index.
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules...
cli.azure.cli.core: Loaded command modules in parallel:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: profile 0.010 2 8
cli.azure.cli.core: Total (1) 0.056 2 8
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 2 groups, 8 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x000002187A6902C0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\DEV-AlexandreMOUGEL.azure\commands\2026-04-14.09-11-46.login.14204.log'.
az_command_data_logger: command args: login --use-device-code --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x000002187A6DA3E0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x000002187A6DA480>, <function register_global_policy_argument..add_global_policy_argument at 0x000002187A6DA5C0>, <function register_cache_arguments..add_cache_arguments at 0x000002187A6DA660>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x000002187A6DA700>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x000002187A511BC0>, <function CLIQuery.handle_query_parameter at 0x000002187A54F9C0>, <function register_ids_argument..parse_ids_arguments at 0x000002187A6DA520>]
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\DEV-AlexandreMOUGEL\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\DEV-AlexandreMOUGEL.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.application: Broker enabled? True
urllib3.connectionpool: Starting new HTTPS connection (1): login.sovcloud-identity.fr:443
urllib3.connectionpool: https://login.sovcloud-identity.fr:443 "POST /organizations/oauth2/v2.0/devicecode HTTP/1.1" 200 553
To sign in, use a web browser to open the page https://login.sovcloud-identity.fr/common/oauth2/deviceauth and enter the code [Redacted] to authenticate.
msal.telemetry: Generate or reuse correlation_id: 17cb3678-d257-47c2-9067-06bde447e229
urllib3.connectionpool: https://login.sovcloud-identity.fr:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 502
Describe the bug
The Active Directory Endpoint provided in the AZURE_BLEU_CLOUD for known clouds list is incorrect, resulting in failure at login.
Current value : login.sovcloud-api.fr
Correct value : login.sovcloud-identity.fr
Related command
az cloud set -n AzureBleuCloud
az login
Errors
ERROR: The command failed with an unexpected error. Here is the traceback:
ERROR: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 677, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 820, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 789, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 335, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 120, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 192, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 177, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 166, in login_with_auth_code
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 125, in _msal_app
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 2090, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 649, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 96, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 170, in _initialize_entra_authority
ValueError: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
Issue script & Debug output
Script : az login --debug
output :
cli.knack.cli: Command arguments: ['login', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x000001653E779B20>, <function OutputProducer.on_global_arguments at 0x000001653ED21BC0>, <function CLIQuery.on_global_arguments at 0x000001653ED5F9C0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Using packaged command index for profile 'latest'.
cli.azure.cli.core: Found installed extension 'ad' (azext_ad).
cli.azure.cli.core: Blending packaged core index with local extension index.
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules...
cli.azure.cli.core: Loaded command modules in parallel:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: profile 0.196 2 8
cli.azure.cli.core: Total (1) 0.217 2 8
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 2 groups, 8 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x000001653EE9C360>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\DEV-AlexandreMOUGEL.azure\commands\2026-04-14.09-06-19.login.13256.log'.
az_command_data_logger: command args: login --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x000001653EEE6480>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x000001653EEE6520>, <function register_global_policy_argument..add_global_policy_argument at 0x000001653EEE6660>, <function register_cache_arguments..add_cache_arguments at 0x000001653EEE6700>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x000001653EEE67A0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x000001653ED21C60>, <function CLIQuery.handle_query_parameter at 0x000001653ED5FA60>, <function register_ids_argument..parse_ids_arguments at 0x000001653EEE65C0>]
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\DEV-AlexandreMOUGEL\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\DEV-AlexandreMOUGEL.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
urllib3.connectionpool: Starting new HTTPS connection (1): login.microsoftonline.com:443
urllib3.connectionpool: https://login.microsoftonline.com:443 "GET /common/discovery/instance?authorization_endpoint=https%3A%2F%2Flogin.sovcloud-api.fr%2Forganizations%2Foauth2%2Fv2.0%2Fauthorize&api-version=1.0 HTTP/1.1" 400 452
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 677, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 820, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 789, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 335, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 120, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 192, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 177, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 166, in login_with_auth_code
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 125, in _msal_app
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 2090, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 649, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 96, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 170, in _initialize_entra_authority
ValueError: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 677, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 820, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 789, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 335, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 120, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 192, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 177, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 166, in login_with_auth_code
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 125, in _msal_app
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 2090, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 649, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 96, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 170, in _initialize_entra_authority
ValueError: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
az_command_data_logger: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 677, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 820, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 789, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 335, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 120, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 192, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 177, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 166, in login_with_auth_code
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 125, in _msal_app
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 2090, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/application.py", line 649, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 96, in init
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\msal/authority.py", line 170, in initialize_entra_authority
ValueError: invalid_instance: The authority you provided, https://login.sovcloud-api.fr/organizations, is not known. If it is a valid domain name known to you, you can turn off this check by passing in instance_discovery=False
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x000001653EE9C5E0>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 8.558 seconds (init: 0.942, invoke: 7.616)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 7723 in cache file under C:\Users\DEV-AlexandreMOUGEL.azure\telemetry\20260414090627284
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry_init.pyc C:\Users\DEV-AlexandreMOUGEL.azure C:\Users\DEV-AlexandreMOUGEL.azure\telemetry\20260414090627284"
telemetry.process: Return from creating process 8212
telemetry.main: Finish creating telemetry upload process.
Expected behavior
az login should work with any flow against AzureBleuCloud config.
Environment Summary
azure-cli 2.85.0
Additional context
When manually adding a cloud configuration with the correct active directory endpoint value, login succeeds :
alex@avd-dts-stdr-2:~$ az cloud show -n BleuCloud
{
"endpoints": {
"activeDirectory": "https://login.sovcloud-identity.fr/",
"activeDirectoryDataLakeResourceId": "https://datalake.sovcloud.fr/",
"activeDirectoryGraphResourceId": "https://graph.svc.sovcloud.fr/",
"activeDirectoryResourceId": "https://management.sovcloud-api.fr/",
"appInsightsResourceId": "https://api.applicationinsights.sovcloud-api.fr",
"appInsightsTelemetryChannelResourceId": "https://dc.applicationinsights.sovcloud-api.fr/v2/track",
"appServiceResourceId": null,
"attestationResourceId": "https://attest.sovcloud-api.fr",
"azmirrorStorageAccountResourceId": null,
"batchResourceId": "https://batch.sovcloud-api.fr/",
"gallery": "https://gallery.sovcloud-api.fr/",
"logAnalyticsResourceId": "https://api.loganalytics.sovcloud-api.fr",
"management": "https://management.sovcloud-api.fr/",
"mediaResourceId": "https://rest.media.sovcloud-api.fr",
"microsoftGraphResourceId": "https://graph.svc.sovcloud.fr/",
"ossrdbmsResourceId": "https://ossrdbms-aad.database.sovcloud-api.fr",
"portal": "https://portal.sovcloud-azure.fr",
"resourceManager": "https://management.sovcloud-api.fr/",
"sqlManagement": "https://management.database.sovcloud-api.fr:8443/",
"synapseAnalyticsResourceId": "https://dev.azuresynapse.sovcloud-api.fr",
"vmImageAliasDoc": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json"
},
"isActive": true,
"name": "BleuCloud",
"profile": "latest",
"suffixes": {
"acrLoginServerEndpoint": ".azurecr.sovcloud-api.fr",
"attestationEndpoint": ".attest.sovcloud-api.fr",
"azureDatalakeAnalyticsCatalogAndJobEndpoint": "azuredatalakeanalytics.sovcloud-api.fr",
"azureDatalakeStoreFileSystemEndpoint": "azuredatalakestore.sovcloud-api.fr",
"keyvaultDns": ".vault.sovcloud-api.fr",
"mariadbServerEndpoint": ".mariadb.database.sovcloud-api.fr",
"mhsmDns": ".managedhsm.sovcloud-api.fr",
"mysqlServerEndpoint": ".mysql.database.sovcloud-api.fr",
"postgresqlServerEndpoint": ".postgres.database.sovcloud-api.fr",
"sqlServerHostname": ".database.sovcloud-api.fr",
"storageEndpoint": "core.sovcloud-api.fr",
"storageSyncEndpoint": "afs.sovcloud-api.fr",
"synapseAnalyticsEndpoint": ".dev.azuresynapse.sovcloud-api.fr"
}
}
With that context, login works :
alex@avd-dts-stdr-2:~$ az login --use-device-code --debug
cli.knack.cli: Command arguments: ['login', '--use-device-code', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
Enable VT mode.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x0000021879F69A80>, <function OutputProducer.on_global_arguments at 0x000002187A511B20>, <function CLIQuery.on_global_arguments at 0x000002187A54F920>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Using packaged command index for profile 'latest'.
cli.azure.cli.core: Found installed extension 'ad' (azext_ad).
cli.azure.cli.core: Blending packaged core index with local extension index.
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules...
cli.azure.cli.core: Loaded command modules in parallel:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: profile 0.010 2 8
cli.azure.cli.core: Total (1) 0.056 2 8
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 2 groups, 8 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x000002187A6902C0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\DEV-AlexandreMOUGEL.azure\commands\2026-04-14.09-11-46.login.14204.log'.
az_command_data_logger: command args: login --use-device-code --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x000002187A6DA3E0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x000002187A6DA480>, <function register_global_policy_argument..add_global_policy_argument at 0x000002187A6DA5C0>, <function register_cache_arguments..add_cache_arguments at 0x000002187A6DA660>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x000002187A6DA700>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x000002187A511BC0>, <function CLIQuery.handle_query_parameter at 0x000002187A54F9C0>, <function register_ids_argument..parse_ids_arguments at 0x000002187A6DA520>]
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\DEV-AlexandreMOUGEL\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\DEV-AlexandreMOUGEL.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.application: Broker enabled? True
urllib3.connectionpool: Starting new HTTPS connection (1): login.sovcloud-identity.fr:443
urllib3.connectionpool: https://login.sovcloud-identity.fr:443 "POST /organizations/oauth2/v2.0/devicecode HTTP/1.1" 200 553
To sign in, use a web browser to open the page https://login.sovcloud-identity.fr/common/oauth2/deviceauth and enter the code [Redacted] to authenticate.
msal.telemetry: Generate or reuse correlation_id: 17cb3678-d257-47c2-9067-06bde447e229
urllib3.connectionpool: https://login.sovcloud-identity.fr:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 502