How to use Managed Identities to access Azure resources securely
Вставка
- Опубліковано 14 лип 2024
- HOW TO USE MANAGED IDENTITIES TO ACCESS AZURE RESOURCES SECURELY - Learn how to use Azure Active Directory’s Managed Identities to access cloud resources securely.
Having a crisis of Azure identity? You’d be surprised all the places in Azure where you can make use of Microsoft’s identity tools. In this episode of #KnowOps, Dana shows us the magic of Azure Managed Identities, as well as how to use them to safely use secrets inside of a Linux instance.
--
Continue the conversation on social media using the hashtag #knowops. Or join our private LinkedIn group at / 13754782
We 💖 #azops
#azure #itops #knowops - Наука та технологія
Thanks for watching this week's episode. My sincere apologies for the poor audio in the screencast portion. My good mic died and I had to use the actual source from the Surfacebook, which isn't anywhere near as good. We tried to clean it up, but I know its not ideal. No matter though... I am still able to show how sweet managed identities are!!! Hope you like it!
not a major issue... love the background music.
It's also awesome to see Managed Identities working on K8s too. :)
You are too good to be truth. Such a detailed and logical step by step explanation is close to impossible to be found nova days. Thank you, and I hope one day you start your channel once again.
Thanks for this, very clear and helpful. As a remark: don't switch mid-way from CLI to UI, now I'm stuck with half the commands to do this. (Or if you do switch over in the video to UI, mention that the commands can be found in the description/some website/...)
great video: short, to the point and practical - thx!
Thanks for this great video. A very clear and useful video to understand managed identities in Azure.
Great Video. Definitely a keeper. Unfortunately this is way over my head. Not sure how long you've been doing this but damn your good. I understand its value but creating and managing it will take me sometime to learn well. Thanks for all your videos.
Very helpful, thank you for the great guides. :)
Great video. thanks for sharing.
Clear presentation and very useful....
Brilliant as usual🙌
Thanks. This was very helpful.
Learned something new. Thanks
nice demo, thanks a lot.
Very useful
Awesome !!
I LOVE your video bro
Great content here. Just sad that Dana got taken by the Covid 😢
Greate video.
Good vídeo 👍
You're the best
Azure Academy can learn a trick or 2 from you sir! Just one remark if you don't mind: The videos in the playlist are in no particular order, this is actually the first video and from the sound of it, there are obviously previous lessons. Perhaps you might consider rearranging the content of the play list?
That's great feedback. We'll look into.
Nice contents in your videos thanks
Glad you like them!
New subscriber here. I like your presentation style.
Thanks Ed!
Sir, I am new to Azure DevOps, this designation is quite new. I have a question, can we fetch servicePrincipaID using the Managed identity or Uploaded certificate (.cer) using PowerShell? If Yes, then please lead me.
hi Dana, thanks for sharing this super useful!! what is the terminal you use for Azure cli?
Hey Ivan, I use the “Windows Terminal” from Microsoft, which you can download for free from the Microsoft Store. It supports a cmd shell, PowerShell and even Azure CloudShell. I also use it with WSL so I have a full bash environment. HTH!
Thanks. Can you do a video of how to use managed identities correctly within a devops pipeline? I see you can create a service connection for Azure Resource Manager which allows the Managed Identity option but it doesn't allow me to specify which managed identity I want to use. I'm very confused.
You need a service principal
I'm now just wondering how assigning a UAMI to the Linux VM in ARM suddenly gives you access to the token inside the VM. I imagine it's some Azure agent/service or something that passes it through, but I am curious.
How to get the activity log of the Managed identity? for example, if MI is used to access secret in KV, how to get it logged...
Take a look at the AADManagedIdentitySignInLogs object for Azure Monitor at docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/aadmanagedidentitysigninlogs
Please help me understand. At 9:04 , after you assigned the Managed Identity to the Linux VM and then did a CURL operation to fetch the access token , how did MS authenticate the HTTP request that originated due to CURL ?
Hey Saurabh, a good place to start to learn how the Azure metadata service exposed at 169.254.169.254 works would be to check out this article: docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token
Another article that showcases more info on what is exposed from the metadata service is at docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service
hi how can i leverage the managed identity when my resource is in another tenant and my azure AD is in separate tenant?
Well, if the identities are across tenants you will have a hard time. While you can federate between directories, that's not something you would use with managed identities. What exactly are you wanting to accomplish?
Hi speaker nice videos. Could I connect you in fb or watsapp. Need some help in azure
Waiting for Azure Sentinel episode ...