SlideShare a Scribd company logo
Log in to a Linux virtual
machine in Azure using
AAD authentication
Takayoshi Tanaka, Software Maintenance Engineer
tatanaka@redhat.com
What’s this?
Log in to the RHEL server with a user authenticated by Azure
AD
Azure Administrator can also manage who can login to Linux
server in Azure.
This authentication is not “Kerberos” integration.
This is a Preview feature. See detail for the doc:
https://docs.microsoft.com/ja-jp/azure/virtual-machines/linux/login-
using-aad
Benefits
Improved security
◦ No need to create a local administrator
◦ Centralize the authentication to AAD, world-level secure IDP
◦ You can configure a multi factor authentication
Seamless collaboration
◦ You can specify who can sign in to a given VM as a regular user or with
administrator privileges
◦ Their user account is disabled or removed from Azure AD, they no
longer have access to your resources
Supported Azure regions and
Linux distributions
Distribution Version
CentOS CentOS 6.9 and CentOS 7.4
RedHat Enterprise Linux RHEL 7
Ubuntu Server Ubuntu 14.04 LTS, Ubuntu Server 16.04, and
Ubuntu Server 17.10
How to use?
1. Create a VM as a usual step. Be sure to install the latest WALinuxAgent.
2. Install the Azure AD login VM extension
$ az vm extension set --publisher Microsoft.Azure.ActiveDirectory.LinuxSSH 
--name AADLoginForLinux --resource-group myResourceGroup --vm-name myVM
How to use?
3. Configure role assignments for the VM
$ username=<your_ms_accounr_name_for_azure>
$ vm=$(az vm show --resource-group myResourceGroup --name myVM --query id -o tsv)
$ az role assignment create --role "Virtual Machine Administrator Login" 
--assignee $username --scope $vm
NOTE
If your MS account is the same domain of AAD,
you can use email for username.
If not, you should use Object ID which you can see in AAD portal.
email
Object ID
Login to VM
$ ssh -l <user_account> <public_ip_or_host>
Type ssh with specifying user account (=your Microsoft account) as usual.
Then the console ask you to visit the Microsoft device login URL and enter the specified code.
Login to VM
Open a browser and visit the device login URL and input the code.
If you haven’t logged in as your Microsoft Account, please login.
Login to VM
Now you can log in as a user.
If your account has “Virtual Machine Administrator Login” role,
you can “sudo” with the same way.
When you try “sudo”, the same login flow will be executed.
Inside VM Login
The VM extension manages the authentication.
It also creates the home directory and makes required configuration.

More Related Content

What's hot

Ci/CD - Stop wasting time, Automate your deployments
Ci/CD  - Stop wasting time, Automate your deploymentsCi/CD  - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deployments
Jerry Jalava
 
jclouds High Level Overview by Adrian Cole
jclouds High Level Overview by Adrian Colejclouds High Level Overview by Adrian Cole
jclouds High Level Overview by Adrian Cole
Everett Toews
 
Modern UI Development With Node.js
Modern UI Development With Node.jsModern UI Development With Node.js
Modern UI Development With Node.js
Ryan Anklam
 
Containerizing a Web Application with Vue.js and Java
Containerizing a Web Application with Vue.js and JavaContainerizing a Web Application with Vue.js and Java
Containerizing a Web Application with Vue.js and Java
Jadson Santos
 
Docker, Kubernetes, and Google Cloud
Docker, Kubernetes, and Google CloudDocker, Kubernetes, and Google Cloud
Docker, Kubernetes, and Google Cloud
Samuel Chow
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity service
openstackindia
 
Integrating OpenStack with Active Directory
Integrating OpenStack with Active DirectoryIntegrating OpenStack with Active Directory
Integrating OpenStack with Active Directory
cjellick
 
Keystone: Federated
Keystone: FederatedKeystone: Federated
Keystone: Federated
jamielennox
 
Istio (service mesh) why and how
Istio (service mesh) why and howIstio (service mesh) why and how
Istio (service mesh) why and how
Milan Das
 
Spring Boot Revisited with KoFu and JaFu
Spring Boot Revisited with KoFu and JaFuSpring Boot Revisited with KoFu and JaFu
Spring Boot Revisited with KoFu and JaFu
VMware Tanzu
 
Oracle Java Cloud Service JCS (and WebLogic 12c) - What you Should Know
Oracle Java Cloud Service JCS (and WebLogic 12c) - What you Should KnowOracle Java Cloud Service JCS (and WebLogic 12c) - What you Should Know
Oracle Java Cloud Service JCS (and WebLogic 12c) - What you Should Know
Frank Munz
 
So Many Docker Platforms...so little time
So Many Docker Platforms...so little timeSo Many Docker Platforms...so little time
So Many Docker Platforms...so little time
Michele Leroux Bustamante
 
CloudStack, jclouds, Jenkins and CloudCat
CloudStack, jclouds, Jenkins and CloudCatCloudStack, jclouds, Jenkins and CloudCat
CloudStack, jclouds, Jenkins and CloudCat
Andrew Bayer
 
Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?
Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?
Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?
Carlos Sanchez
 
Introduction to Docker - IndiaOpsUG
Introduction to Docker - IndiaOpsUGIntroduction to Docker - IndiaOpsUG
Introduction to Docker - IndiaOpsUG
Ajeet Singh Raina
 
Package your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesPackage your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and Kubernetes
Arun Gupta
 
How we dockerized a startup? #meetup #docker
How we dockerized a startup? #meetup #docker How we dockerized a startup? #meetup #docker
How we dockerized a startup? #meetup #docker
Jonathan Martin
 
Spring Security Patterns
Spring Security PatternsSpring Security Patterns
Spring Security Patterns
VMware Tanzu
 
Monitoring Dell Infrastructure using Docker & Microservices
Monitoring Dell Infrastructure using Docker & MicroservicesMonitoring Dell Infrastructure using Docker & Microservices
Monitoring Dell Infrastructure using Docker & Microservices
Ajeet Singh Raina
 
Virtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Virtual Meetup Docker + Arm: Building Multi-arch Apps with BuildxVirtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Virtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Docker, Inc.
 

What's hot (20)

Ci/CD - Stop wasting time, Automate your deployments
Ci/CD  - Stop wasting time, Automate your deploymentsCi/CD  - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deployments
 
jclouds High Level Overview by Adrian Cole
jclouds High Level Overview by Adrian Colejclouds High Level Overview by Adrian Cole
jclouds High Level Overview by Adrian Cole
 
Modern UI Development With Node.js
Modern UI Development With Node.jsModern UI Development With Node.js
Modern UI Development With Node.js
 
Containerizing a Web Application with Vue.js and Java
Containerizing a Web Application with Vue.js and JavaContainerizing a Web Application with Vue.js and Java
Containerizing a Web Application with Vue.js and Java
 
Docker, Kubernetes, and Google Cloud
Docker, Kubernetes, and Google CloudDocker, Kubernetes, and Google Cloud
Docker, Kubernetes, and Google Cloud
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity service
 
Integrating OpenStack with Active Directory
Integrating OpenStack with Active DirectoryIntegrating OpenStack with Active Directory
Integrating OpenStack with Active Directory
 
Keystone: Federated
Keystone: FederatedKeystone: Federated
Keystone: Federated
 
Istio (service mesh) why and how
Istio (service mesh) why and howIstio (service mesh) why and how
Istio (service mesh) why and how
 
Spring Boot Revisited with KoFu and JaFu
Spring Boot Revisited with KoFu and JaFuSpring Boot Revisited with KoFu and JaFu
Spring Boot Revisited with KoFu and JaFu
 
Oracle Java Cloud Service JCS (and WebLogic 12c) - What you Should Know
Oracle Java Cloud Service JCS (and WebLogic 12c) - What you Should KnowOracle Java Cloud Service JCS (and WebLogic 12c) - What you Should Know
Oracle Java Cloud Service JCS (and WebLogic 12c) - What you Should Know
 
So Many Docker Platforms...so little time
So Many Docker Platforms...so little timeSo Many Docker Platforms...so little time
So Many Docker Platforms...so little time
 
CloudStack, jclouds, Jenkins and CloudCat
CloudStack, jclouds, Jenkins and CloudCatCloudStack, jclouds, Jenkins and CloudCat
CloudStack, jclouds, Jenkins and CloudCat
 
Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?
Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?
Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?
 
Introduction to Docker - IndiaOpsUG
Introduction to Docker - IndiaOpsUGIntroduction to Docker - IndiaOpsUG
Introduction to Docker - IndiaOpsUG
 
Package your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesPackage your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and Kubernetes
 
How we dockerized a startup? #meetup #docker
How we dockerized a startup? #meetup #docker How we dockerized a startup? #meetup #docker
How we dockerized a startup? #meetup #docker
 
Spring Security Patterns
Spring Security PatternsSpring Security Patterns
Spring Security Patterns
 
Monitoring Dell Infrastructure using Docker & Microservices
Monitoring Dell Infrastructure using Docker & MicroservicesMonitoring Dell Infrastructure using Docker & Microservices
Monitoring Dell Infrastructure using Docker & Microservices
 
Virtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Virtual Meetup Docker + Arm: Building Multi-arch Apps with BuildxVirtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
Virtual Meetup Docker + Arm: Building Multi-arch Apps with Buildx
 

Similar to Log in to a Linux VM in Azure using AAD authentication

Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Amazon Web Services
 
Geek Sync | SQL Security Principals and Permissions 101
Geek Sync | SQL Security Principals and Permissions 101Geek Sync | SQL Security Principals and Permissions 101
Geek Sync | SQL Security Principals and Permissions 101
IDERA Software
 
Microsoft Azure ad in 10 slides
Microsoft Azure ad in 10 slidesMicrosoft Azure ad in 10 slides
Microsoft Azure ad in 10 slides
Andre Debilloez
 
Azure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish KalamatiAzure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish Kalamati
Girish Kalamati
 
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Vladimir Samoylov
 
Automating Your Azure Environment
Automating Your Azure EnvironmentAutomating Your Azure Environment
Automating Your Azure Environment
Michael Collier
 
AWS Cyber Security Best Practices
AWS Cyber Security Best PracticesAWS Cyber Security Best Practices
AWS Cyber Security Best Practices
DoiT International
 
Azure from scratch Part 1 By Girish Kalamati
Azure from scratch Part 1 By Girish KalamatiAzure from scratch Part 1 By Girish Kalamati
Azure from scratch Part 1 By Girish Kalamati
Girish Kalamati
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices Masterclass
Amazon Web Services
 
Developing and deploying windows azure applications
Developing and deploying windows azure applicationsDeveloping and deploying windows azure applications
Developing and deploying windows azure applications
Manish Corriea
 
Azure provisioning at your control
Azure provisioning at your controlAzure provisioning at your control
Azure provisioning at your control
Govind Kanshi
 
Playing with php_on_azure
Playing with php_on_azurePlaying with php_on_azure
Playing with php_on_azure
CEDRIC DERUE
 
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...
MUG-Lyon Microsoft User Group
 
Moving a Windows environment to the cloud - DevOps Galway Meetup
Moving a Windows environment to the cloud - DevOps Galway MeetupMoving a Windows environment to the cloud - DevOps Galway Meetup
Moving a Windows environment to the cloud - DevOps Galway Meetup
Giulio Vian
 
AWS Users Authentication
AWS Users AuthenticationAWS Users Authentication
AWS Users Authentication
chandrasen Reddy
 
Introduction to basic governance in Azure - #GABDK
Introduction to basic governance in Azure - #GABDKIntroduction to basic governance in Azure - #GABDK
Introduction to basic governance in Azure - #GABDK
Peter Selch Dahl
 
Multi-Factor Authentication for your clouds
Multi-Factor Authentication for your cloudsMulti-Factor Authentication for your clouds
Multi-Factor Authentication for your clouds
Alexandre Verkinderen
 
Automating Azure VMs with PowerShell
Automating Azure VMs with PowerShellAutomating Azure VMs with PowerShell
Automating Azure VMs with PowerShell
Alexander Feschenko
 
beAuth
beAuthbeAuth
AWSM2C3.pptx
AWSM2C3.pptxAWSM2C3.pptx
AWSM2C3.pptx
RahulDange13
 

Similar to Log in to a Linux VM in Azure using AAD authentication (20)

Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
 
Geek Sync | SQL Security Principals and Permissions 101
Geek Sync | SQL Security Principals and Permissions 101Geek Sync | SQL Security Principals and Permissions 101
Geek Sync | SQL Security Principals and Permissions 101
 
Microsoft Azure ad in 10 slides
Microsoft Azure ad in 10 slidesMicrosoft Azure ad in 10 slides
Microsoft Azure ad in 10 slides
 
Azure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish KalamatiAzure from scratch part 2 By Girish Kalamati
Azure from scratch part 2 By Girish Kalamati
 
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
Security Basics in AWS or How To Get Rid of Hardcoded Credential and Reduce D...
 
Automating Your Azure Environment
Automating Your Azure EnvironmentAutomating Your Azure Environment
Automating Your Azure Environment
 
AWS Cyber Security Best Practices
AWS Cyber Security Best PracticesAWS Cyber Security Best Practices
AWS Cyber Security Best Practices
 
Azure from scratch Part 1 By Girish Kalamati
Azure from scratch Part 1 By Girish KalamatiAzure from scratch Part 1 By Girish Kalamati
Azure from scratch Part 1 By Girish Kalamati
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices Masterclass
 
Developing and deploying windows azure applications
Developing and deploying windows azure applicationsDeveloping and deploying windows azure applications
Developing and deploying windows azure applications
 
Azure provisioning at your control
Azure provisioning at your controlAzure provisioning at your control
Azure provisioning at your control
 
Playing with php_on_azure
Playing with php_on_azurePlaying with php_on_azure
Playing with php_on_azure
 
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...
 
Moving a Windows environment to the cloud - DevOps Galway Meetup
Moving a Windows environment to the cloud - DevOps Galway MeetupMoving a Windows environment to the cloud - DevOps Galway Meetup
Moving a Windows environment to the cloud - DevOps Galway Meetup
 
AWS Users Authentication
AWS Users AuthenticationAWS Users Authentication
AWS Users Authentication
 
Introduction to basic governance in Azure - #GABDK
Introduction to basic governance in Azure - #GABDKIntroduction to basic governance in Azure - #GABDK
Introduction to basic governance in Azure - #GABDK
 
Multi-Factor Authentication for your clouds
Multi-Factor Authentication for your cloudsMulti-Factor Authentication for your clouds
Multi-Factor Authentication for your clouds
 
Automating Azure VMs with PowerShell
Automating Azure VMs with PowerShellAutomating Azure VMs with PowerShell
Automating Azure VMs with PowerShell
 
beAuth
beAuthbeAuth
beAuth
 
AWSM2C3.pptx
AWSM2C3.pptxAWSM2C3.pptx
AWSM2C3.pptx
 

More from Takayoshi Tanaka

deep dive distributed tracing
deep dive distributed tracingdeep dive distributed tracing
deep dive distributed tracing
Takayoshi Tanaka
 
202202 open telemetry .net handson
202202 open telemetry .net handson202202 open telemetry .net handson
202202 open telemetry .net handson
Takayoshi Tanaka
 
202109-New_Relic-for-csharp-engineers
202109-New_Relic-for-csharp-engineers202109-New_Relic-for-csharp-engineers
202109-New_Relic-for-csharp-engineers
Takayoshi Tanaka
 
20210129 azure webapplogging
20210129 azure webapplogging20210129 azure webapplogging
20210129 azure webapplogging
Takayoshi Tanaka
 
20201127 .NET 5
20201127 .NET 520201127 .NET 5
20201127 .NET 5
Takayoshi Tanaka
 
Unity(再)入門
Unity(再)入門Unity(再)入門
Unity(再)入門
Takayoshi Tanaka
 
最近のQ#について
最近のQ#について最近のQ#について
最近のQ#について
Takayoshi Tanaka
 
SRENEXT 2020 [B5] New RelicのSREに学ぶ SREのためのNew Relic活用法
SRENEXT 2020 [B5] New RelicのSREに学ぶSREのためのNew Relic活用法SRENEXT 2020 [B5] New RelicのSREに学ぶSREのためのNew Relic活用法
SRENEXT 2020 [B5] New RelicのSREに学ぶ SREのためのNew Relic活用法
Takayoshi Tanaka
 
20191024 Get Start gRPC with ASP.NET
20191024 Get Start gRPC with ASP.NET20191024 Get Start gRPC with ASP.NET
20191024 Get Start gRPC with ASP.NET
Takayoshi Tanaka
 
New Relicで始める、.NET Applications on AWSのObservability
New Relicで始める、.NET Applications on AWSのObservabilityNew Relicで始める、.NET Applications on AWSのObservability
New Relicで始める、.NET Applications on AWSのObservability
Takayoshi Tanaka
 
C#エンジニアのためのdocker kubernetesハンズオン (再)
C#エンジニアのためのdocker kubernetesハンズオン (再)C#エンジニアのためのdocker kubernetesハンズオン (再)
C#エンジニアのためのdocker kubernetesハンズオン (再)
Takayoshi Tanaka
 
20190806 Q# Measurements
20190806 Q# Measurements20190806 Q# Measurements
20190806 Q# Measurements
Takayoshi Tanaka
 
C#エンジニアのためのdocker kubernetesハンズオン
C#エンジニアのためのdocker kubernetesハンズオンC#エンジニアのためのdocker kubernetesハンズオン
C#エンジニアのためのdocker kubernetesハンズオン
Takayoshi Tanaka
 
20190604 Containerized MagicOnion on kubernetes with Observability with New R...
20190604 Containerized MagicOnion on kubernetes with Observability with New R...20190604 Containerized MagicOnion on kubernetes with Observability with New R...
20190604 Containerized MagicOnion on kubernetes with Observability with New R...
Takayoshi Tanaka
 
.NET Core向けコンテナおよびデバッグ関連のVisual Studio 2019の機能
.NET Core向けコンテナおよびデバッグ関連のVisual Studio 2019の機能.NET Core向けコンテナおよびデバッグ関連のVisual Studio 2019の機能
.NET Core向けコンテナおよびデバッグ関連のVisual Studio 2019の機能
Takayoshi Tanaka
 
.NET Core向けコンテナおよびデバッグ関連のVisual Studioの新機能
.NET Core向けコンテナおよびデバッグ関連のVisual Studioの新機能.NET Core向けコンテナおよびデバッグ関連のVisual Studioの新機能
.NET Core向けコンテナおよびデバッグ関連のVisual Studioの新機能
Takayoshi Tanaka
 
Try! Visual Studio 209 git feature
Try! Visual Studio 209 git featureTry! Visual Studio 209 git feature
Try! Visual Studio 209 git feature
Takayoshi Tanaka
 
Q#基礎 ver1.1
Q#基礎 ver1.1Q#基礎 ver1.1
Q#基礎 ver1.1
Takayoshi Tanaka
 
(過去バージョン) Q#基礎 ver1.0
(過去バージョン) Q#基礎 ver1.0(過去バージョン) Q#基礎 ver1.0
(過去バージョン) Q#基礎 ver1.0
Takayoshi Tanaka
 
ゼロから始めるQ#
ゼロから始めるQ#ゼロから始めるQ#
ゼロから始めるQ#
Takayoshi Tanaka
 

More from Takayoshi Tanaka (20)

deep dive distributed tracing
deep dive distributed tracingdeep dive distributed tracing
deep dive distributed tracing
 
202202 open telemetry .net handson
202202 open telemetry .net handson202202 open telemetry .net handson
202202 open telemetry .net handson
 
202109-New_Relic-for-csharp-engineers
202109-New_Relic-for-csharp-engineers202109-New_Relic-for-csharp-engineers
202109-New_Relic-for-csharp-engineers
 
20210129 azure webapplogging
20210129 azure webapplogging20210129 azure webapplogging
20210129 azure webapplogging
 
20201127 .NET 5
20201127 .NET 520201127 .NET 5
20201127 .NET 5
 
Unity(再)入門
Unity(再)入門Unity(再)入門
Unity(再)入門
 
最近のQ#について
最近のQ#について最近のQ#について
最近のQ#について
 
SRENEXT 2020 [B5] New RelicのSREに学ぶ SREのためのNew Relic活用法
SRENEXT 2020 [B5] New RelicのSREに学ぶSREのためのNew Relic活用法SRENEXT 2020 [B5] New RelicのSREに学ぶSREのためのNew Relic活用法
SRENEXT 2020 [B5] New RelicのSREに学ぶ SREのためのNew Relic活用法
 
20191024 Get Start gRPC with ASP.NET
20191024 Get Start gRPC with ASP.NET20191024 Get Start gRPC with ASP.NET
20191024 Get Start gRPC with ASP.NET
 
New Relicで始める、.NET Applications on AWSのObservability
New Relicで始める、.NET Applications on AWSのObservabilityNew Relicで始める、.NET Applications on AWSのObservability
New Relicで始める、.NET Applications on AWSのObservability
 
C#エンジニアのためのdocker kubernetesハンズオン (再)
C#エンジニアのためのdocker kubernetesハンズオン (再)C#エンジニアのためのdocker kubernetesハンズオン (再)
C#エンジニアのためのdocker kubernetesハンズオン (再)
 
20190806 Q# Measurements
20190806 Q# Measurements20190806 Q# Measurements
20190806 Q# Measurements
 
C#エンジニアのためのdocker kubernetesハンズオン
C#エンジニアのためのdocker kubernetesハンズオンC#エンジニアのためのdocker kubernetesハンズオン
C#エンジニアのためのdocker kubernetesハンズオン
 
20190604 Containerized MagicOnion on kubernetes with Observability with New R...
20190604 Containerized MagicOnion on kubernetes with Observability with New R...20190604 Containerized MagicOnion on kubernetes with Observability with New R...
20190604 Containerized MagicOnion on kubernetes with Observability with New R...
 
.NET Core向けコンテナおよびデバッグ関連のVisual Studio 2019の機能
.NET Core向けコンテナおよびデバッグ関連のVisual Studio 2019の機能.NET Core向けコンテナおよびデバッグ関連のVisual Studio 2019の機能
.NET Core向けコンテナおよびデバッグ関連のVisual Studio 2019の機能
 
.NET Core向けコンテナおよびデバッグ関連のVisual Studioの新機能
.NET Core向けコンテナおよびデバッグ関連のVisual Studioの新機能.NET Core向けコンテナおよびデバッグ関連のVisual Studioの新機能
.NET Core向けコンテナおよびデバッグ関連のVisual Studioの新機能
 
Try! Visual Studio 209 git feature
Try! Visual Studio 209 git featureTry! Visual Studio 209 git feature
Try! Visual Studio 209 git feature
 
Q#基礎 ver1.1
Q#基礎 ver1.1Q#基礎 ver1.1
Q#基礎 ver1.1
 
(過去バージョン) Q#基礎 ver1.0
(過去バージョン) Q#基礎 ver1.0(過去バージョン) Q#基礎 ver1.0
(過去バージョン) Q#基礎 ver1.0
 
ゼロから始めるQ#
ゼロから始めるQ#ゼロから始めるQ#
ゼロから始めるQ#
 

Recently uploaded

Applying Retrieval-Augmented Generation (RAG) to Combat Hallucinations in GenAI
Applying Retrieval-Augmented Generation (RAG) to Combat Hallucinations in GenAIApplying Retrieval-Augmented Generation (RAG) to Combat Hallucinations in GenAI
Applying Retrieval-Augmented Generation (RAG) to Combat Hallucinations in GenAI
ssuserd4e0d2
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
Kief Morris
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Muhammad Ali
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
Tatiana Al-Chueyr
 
How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
SynapseIndia
 
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Bert Blevins
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
aslasdfmkhan4750
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
ArgaBisma
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
LINUS PROJECTS (INDIA)
 
The Evolution of Remote Server Management
The Evolution of Remote Server ManagementThe Evolution of Remote Server Management
The Evolution of Remote Server Management
Bert Blevins
 
How to build a generative AI solution A step-by-step guide (2).pdf
How to build a generative AI solution A step-by-step guide (2).pdfHow to build a generative AI solution A step-by-step guide (2).pdf
How to build a generative AI solution A step-by-step guide (2).pdf
ChristopherTHyatt
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
KAMAL CHOUDHARY
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Mydbops
 

Recently uploaded (20)

Applying Retrieval-Augmented Generation (RAG) to Combat Hallucinations in GenAI
Applying Retrieval-Augmented Generation (RAG) to Combat Hallucinations in GenAIApplying Retrieval-Augmented Generation (RAG) to Combat Hallucinations in GenAI
Applying Retrieval-Augmented Generation (RAG) to Combat Hallucinations in GenAI
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 
How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
 
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
 
The Evolution of Remote Server Management
The Evolution of Remote Server ManagementThe Evolution of Remote Server Management
The Evolution of Remote Server Management
 
How to build a generative AI solution A step-by-step guide (2).pdf
How to build a generative AI solution A step-by-step guide (2).pdfHow to build a generative AI solution A step-by-step guide (2).pdf
How to build a generative AI solution A step-by-step guide (2).pdf
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
 

Log in to a Linux VM in Azure using AAD authentication

  • 1. Log in to a Linux virtual machine in Azure using AAD authentication Takayoshi Tanaka, Software Maintenance Engineer tatanaka@redhat.com
  • 2. What’s this? Log in to the RHEL server with a user authenticated by Azure AD Azure Administrator can also manage who can login to Linux server in Azure. This authentication is not “Kerberos” integration. This is a Preview feature. See detail for the doc: https://docs.microsoft.com/ja-jp/azure/virtual-machines/linux/login- using-aad
  • 3. Benefits Improved security ◦ No need to create a local administrator ◦ Centralize the authentication to AAD, world-level secure IDP ◦ You can configure a multi factor authentication Seamless collaboration ◦ You can specify who can sign in to a given VM as a regular user or with administrator privileges ◦ Their user account is disabled or removed from Azure AD, they no longer have access to your resources
  • 4. Supported Azure regions and Linux distributions Distribution Version CentOS CentOS 6.9 and CentOS 7.4 RedHat Enterprise Linux RHEL 7 Ubuntu Server Ubuntu 14.04 LTS, Ubuntu Server 16.04, and Ubuntu Server 17.10
  • 5. How to use? 1. Create a VM as a usual step. Be sure to install the latest WALinuxAgent. 2. Install the Azure AD login VM extension $ az vm extension set --publisher Microsoft.Azure.ActiveDirectory.LinuxSSH --name AADLoginForLinux --resource-group myResourceGroup --vm-name myVM
  • 6. How to use? 3. Configure role assignments for the VM $ username=<your_ms_accounr_name_for_azure> $ vm=$(az vm show --resource-group myResourceGroup --name myVM --query id -o tsv) $ az role assignment create --role "Virtual Machine Administrator Login" --assignee $username --scope $vm
  • 7. NOTE If your MS account is the same domain of AAD, you can use email for username. If not, you should use Object ID which you can see in AAD portal. email Object ID
  • 8. Login to VM $ ssh -l <user_account> <public_ip_or_host> Type ssh with specifying user account (=your Microsoft account) as usual. Then the console ask you to visit the Microsoft device login URL and enter the specified code.
  • 9. Login to VM Open a browser and visit the device login URL and input the code. If you haven’t logged in as your Microsoft Account, please login.
  • 10. Login to VM Now you can log in as a user. If your account has “Virtual Machine Administrator Login” role, you can “sudo” with the same way. When you try “sudo”, the same login flow will be executed.
  • 11. Inside VM Login The VM extension manages the authentication. It also creates the home directory and makes required configuration.