Lock down access to Azure using identity

Azure’s identity and access functionality provides a comprehensive set of controls for managing access to the cloud. In this session, learn how to use conditional access to limit who can sign in to the Portal, PowerShell, and CLI, use privileged identity management for “Just In Time” owner access, use Managed Service Identity instead of having to create and manage Service Principals by hand, and use Azure AD to sign in to Virtual Machines so you can stop managing local accounts. Also, get a sneak peek at the feature roadmap for controlling access to Azure resources.

Published in: Technology

  1. People in this story…
     • Alice: Global Admin
     • Bob: Subscription Owner
     • Charlene: Dev/Ops
     • Robot (Robot)

  2. Operation / Example

     Get a token for Azure Resource Manager
         curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -H Metadata:true

     Read a VM in Azure Resource Manager
         curl 'https://management.azure.com/subscriptions/80c696ff-5efa-4909-a64d-f1b616f423ca/resourceGroups/SALES-PROD/providers/Microsoft.Compute/virtualMachines/SALES-FE-01?api-version=2017-12-01' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESSTOKEN>"

     Get a token for Azure Storage
         curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://storage.azure.com/' -H Metadata:true

     Read a blob in Azure Storage
         curl 'https://<STORAGE-ACCOUNT>.blob.core.windows.net/<CONTAINER>/<BLOB>' -H "x-ms-version: 2017-11-09" -H "Authorization: Bearer <ACCESSTOKEN>"

     Get a token for Azure Key Vault
         curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net' -H Metadata:true

     Read a secret from Azure Key Vault
         curl 'https://<VAULT-URL>/secrets/<SECRET>?api-version=2016-10-01' -H "Authorization: Bearer <ACCESSTOKEN>"

  3. http://aka.ms/azureiam
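
The three token requests on slide 2 differ only in the `resource` parameter, and a token issued for one resource is not accepted by another. The following is an added example, not part of the original slides: it builds the same metadata-endpoint request in Python and refuses to attach a token whose `aud` claim does not match the target or that has expired. `bearer_header_for` and `constructed_response` are hypothetical helper names, the sample token is constructed and unsigned, and the code assumes the `aud` claim equals the requested resource apart from a trailing slash.

```python
import base64, json, time
import urllib.parse, urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"  # from the slide
API_VERSION = "2018-02-01"                                                # from the slide

def build_token_request(resource):
    """Build the metadata-endpoint request for one resource (Metadata header is required)."""
    query = urllib.parse.urlencode({"api-version": API_VERSION, "resource": resource})
    return urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}", headers={"Metadata": "true"})

def fetch_token_response(resource, timeout=5):
    """Perform the call; only reachable from an Azure VM with a managed identity."""
    with urllib.request.urlopen(build_token_request(resource), timeout=timeout) as resp:
        return json.load(resp)

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def bearer_header_for(response, resource, now=None):
    """Return the Authorization header only if the token targets `resource` and is unexpired."""
    now = time.time() if now is None else now
    aud = jwt_claims(response["access_token"]).get("aud", "")
    # Assumption: aud mirrors the requested resource, ignoring a trailing slash.
    if aud.rstrip("/") != resource.rstrip("/"):
        raise ValueError(f"token audience {aud!r} does not match {resource!r}")
    if int(response["expires_on"]) <= now:  # expires_on is epoch seconds, as a string
        raise ValueError("token has expired; request a new one")
    return {"Authorization": f"{response['token_type']} {response['access_token']}"}

def constructed_response(aud, expires_on):
    """Constructed sample shaped like a token response; the token is fake and unsigned."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    token = ".".join([b64({"alg": "none"}), b64({"aud": aud}), "constructed-signature"])
    return {"access_token": token, "expires_on": str(expires_on),
            "resource": aud, "token_type": "Bearer"}
```

On a VM, `bearer_header_for(fetch_token_response(r), r)` yields the header passed with `-H` in the slide's second command of each pair.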