10.27.1 - Your sign-in was successful but your admin requires the device requesting access to be managed by <Contoso> to access this resource.

[pgbfnf]

Unable to authenticate using "azcopy login" and device code (similar process with Azure CLI works fine - "az login --use-device-code")

in summary:

az login --use-device-code = works fine
azcopy login (which prompts for login using device code) = fails

Azure AD admin said "what you want to do is figure out how to get azcopy.exe to login using your existing credentials primary refresh token (ie no device code flow)"

[seanmroberts12]

Commenting for visibility as experiencing the same issue

[pgbfnf]

NOTE - https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-authentication-flows
"To bolster security posture, Microsoft recommends blocking or restricting device code flow wherever possible."

the code needs to support not using device code flow for interactive logins (or use an existing token), as using a device code is deemed less secure by Microsoft

Ideally, this code should allow a connection with an already signed on user, who has a valid token for Azure AD. (either through the portal, azure cli or powershell)

Our company is blocking usage of device code logins, and also does not allow SAS tokens for storage accounts (instead requiring Entra ID auth, per Microsoft's recommendations).