Azure Managed Identities (technical service accounts)

Explaination

  • Azure Managed Identities = technical service accounts
  • Password is automatically managed, as it was the case in managed service accounts in OnPrem ActiveDirectory
  • Managed Identity types:
    • System Managed Idendity ==> strictly assigned to a single Azure system (like a VM), cant be shared with another system
    • User Managed Identity ==> for example for HA-clusters, in which all HA-nodes need the same user

Managed Identities dont use a password, instead they use OAuth2 and its token --> https://169.254.169.254/metadata/identity/oauth2/token 

Source https://medium.com/@siddiquimohammad0807/azure-managed-identity-types-and-importance-c64f6292577d

Source: https://medium.com/@siddiquimohammad0807/azure-managed-identity-types-and-importance-c64f6292577d


Example

  • When using PowerShell Connect-AzAccount --> a new window for username+password+mfa is opened --> these will be used as credentials


  • When using PowerShell Connect-AzAccount - Identity --> no new window is opened, instead the managed identity is used --> Powershell sends HTTPS OAuth2 Query to Azure IMDS "Instance Meta Data Service" and received a token, which is then used

Windows PowerShell
Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows
PS C:\Users\Administrator20>
PS C:\Users\Administrator20>
PS C:\Users\Administrator20> Install-Module Az 
NuGet provider is required to continue 
PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGetprovider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies'  or 'C:\Users\Administrator20\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install
 and import the NuGet provider now?
[Y] Yes[N] No[S] Suspend[?] Help (default is "Y"): y
 
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
[Y] Yes[A] Yes to All[N] No[L] No to All[S] Suspend[?] Help (default is "N"): y
PS C:\Users\Administrator20>
PS C:\Users\Administrator20>
PS C:\Users\Administrator20> Connect-AzAccount -Identity
 
Subscription name Tenant
----------------- ------
274102ec-cd24-4af2-a4c2-832941ce526f
 
 
PS C:\Users\Administrator20>
PS C:\Users\Administrator20>


at No comments:
Labels: , ,
Subscribe to: Posts (Atom)

Azure Managed Identities (technical service accounts)

Explaination Azure Managed Identities = technical service accounts Password is automatically managed, as it was the case in managed service ...