Managed Identity

What is Azure Managed Identity?

Azure Managed Identity is a feature in Microsoft Azure that helps enhance the security of applications and services by providing an automatically managed identity in Azure Active Directory (Azure AD). It simplifies the way applications authenticate with various Azure services and resources, reducing the need for credentials and secrets in your code.

Here are some of the benefits of using managed identities:

·       You don't need to manage credentials. Credentials aren’t even accessible to you.

·       You can use managed identities to authenticate to any resource that supports Azure AD authentication

·       Managed identities can be used at no extra cost.

 

There are two types of managed identity

 

System managed Identity and User managed identity

Here are some key points about System-assigned Managed Identities:

Property

System -Assigned Identity

User-Managed Identity

Creation

Created as part of an Azure resource (for example, Azure Virtual Machines or Azure App Service).

Created as a stand-alone Azure resource.

Life cycle

 

Shared life cycle with the Azure resource that the managed identity is created with.
When the parent resource is deleted, the managed identity is deleted as well.

 

Independent life cycle.
Must be explicitly deleted.

Sharing across Azure resources

 

System- Assigned identity Cannot be shared.
It can only be associated with a single Azure resource.

Can be shared.
The same user-assigned managed identity can be associated with more than one Azure resource.

Common use cases

 

 

Workloads contained within a single Azure resource.
Workloads needing independent identities.
For example, an application that runs on a single virtual machine.

Workloads that run on multiple resources and can share a single identity.
Workloads needing pre-authorization to a secure resource, as part of a provisioning flow.
Workloads where resources are recycled frequently, but permissions should stay consistent.
For example, a workload where multiple virtual machines need to access the same resource.


                                                          System manged Identity


                                User Managed Identity

Comments

Post a Comment

Popular posts from this blog

Script

# Change time to IST Set-TimeZone -Name “India Standard Time”  # Enable firewall to ping server each other :-   New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4   # PowerShell command to install ISS # install IIS server role   Install-WindowsFeature -name Web-Server -IncludeManagementTools   # remove default htm file   remove-item   C:\inetpub\wwwroot\iisstart.htm   # Add a new htm file that displays server name   Add-Content -Path "C:\inetpub\wwwroot\iisstart.htm" -Value $("Hello World from " + $env:computername)     # Powershell command to install google chrome   $LocalTempDir = $env:TEMP; $ChromeInstaller = "ChromeInstaller.exe"; (new-object     System.Net.WebClient).DownloadFile('http://dl.google.com/chrome/install/375.126/chrome_installer.exe', "$LocalTempDir\$ChromeInstaller"); & "$LocalTempDir\$ChromeInstaller" /silent /install; $Process2Monitor = ...
Read more

Landing Zone

What is Azure landing zone   An Azure Landing Zone is a set of best practices and guidelines provided by Microsoft to help organizations establish a well-structured and standardized foundation for deploying workloads and applications in the Microsoft Azure cloud environment. It is essentially a framework that assists organizations in setting up their Azure environment with a focus on key areas such as security, governance, compliance, and operational efficiency. Here are the main aspects and objectives of an Azure Landing Zone: 1. ** Security **: Implementing robust security measures to protect data and resources in Azure, including network security, identity and access management, and compliance with security standards. 2. ** Governance **: Defining and enforcing policies and standards for resource provisioning, naming conventions, and compliance requirements. This ensures that Azure resources are created and managed consistently across the organization. 3. ** Networking **: ...
Read more

Migration

  Prepare a machine for the replication appliance The Migration and modernization tool uses a replication appliance to replicate machines to Azure. The replication appliance runs the following components. Configuration server : The configuration server coordinates communications between on-premises and Azure, and manages data replication. Process server : The process server acts as a replication gateway. It receives replication data; optimizes it with caching, compression, and encryption, and sends it to a cache storage account in Azure. Run a test migration When delta replication begins, you can run a test migration for the VMs, before running a full migration to Azure. We highly recommend that you do this at least once for each machine, before you migrate it. Running a test migration checks that migration will work as expected, without impacting the on-premises machines, which remain operational, and continue replicating. Test migration simulates the migration by creating an Azur...
Read more