Authenticating with Azure Active Directory requires providing an app or service principal ID. If you don’t provide one, AzureRMR will authenticate using the Azure CLI cross-platform app. This is sufficient for most purposes; however, if necessary you can create your own service principal to authenticate with. For example, if security is a concern, this lets you restrict the scope of the resources that AzureRMR can manipulate.
Creating a service principal is a one-time task, and the easiest method is to use the Azure cloud shell. In the shell, run
az ad sp create-for-rbac --name {app-name} --subscription "{your-subscription-name}" --years {N}
substituting the desired name of your service principal (try to make it memorable to you, and unlikely to clash with other names), your subscription name, and the number of years you want the password to be valid.
If you want to allow access at something other than subscription level, you can use the --scopes argument in place of --subscription. For example, to restrict AzureRMR to only the “AnalyticsRG” resource group:
az ad sp create-for-rbac --scopes /subscriptions/{your-subscription-ID}/resourceGroups/AnalyticsRG
Once you have created your own service principal, you can supply the app ID and password as arguments to create_azure_login. You’ll also have to supply your Azure Active Directory tenant, as AAD does not have access to your personal credentials.
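The login step described above, as an added example (not code from the AzureRMR documentation) that also checks the service principal is confined to the scope it was created with. The environment variable names and the second resource group name "SomeOtherRG" are hypothetical, and the principal is assumed to have been created with --scopes restricted to AnalyticsRG.

```r
library(AzureRMR)

# Hypothetical environment variable names. Set them outside the script
# (for example in ~/.Renviron) so the password never lands in source control.
read_required <- function(name) {
    value <- Sys.getenv(name, unset = "")
    if (!nzchar(value)) stop("environment variable ", name, " is not set")
    value
}

tenant   <- read_required("AZ_TENANT_ID")        # AAD tenant (GUID or domain name)
app_id   <- read_required("AZ_APP_ID")           # app ID of the service principal
password <- read_required("AZ_APP_PASSWORD")     # password of the service principal
sub_id   <- read_required("AZ_SUBSCRIPTION_ID")  # subscription holding AnalyticsRG

# Supplying app and password makes AzureRMR authenticate as the
# service principal rather than as the Azure CLI cross-platform app.
az  <- create_azure_login(tenant = tenant, app = app_id, password = password)
sub <- az$get_subscription(sub_id)

# The resource group inside the granted scope should be reachable.
rg <- sub$get_resource_group("AnalyticsRG")
print(rg$list_resources())

# A resource group outside the scope should be refused. get_resource_group
# raises an error on a failed request, which is the expected outcome here.
refused <- tryCatch({
    sub$get_resource_group("SomeOtherRG")  # hypothetical name, outside the scope
    FALSE
}, error = function(e) TRUE)

if (!refused) {
    warning("service principal can read outside AnalyticsRG; review its role assignments")
}
```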