
Managed identities, whether system-assigned or user-assigned, allow access to Azure resources that support AAD authentication without managing credentials. These identities are managed automatically in Azure Active Directory.
This is a great feature from a security perspective because credentials are not maintained anywhere. Managed identities can be used at no additional cost.
Managed identities are of two types:
System-assigned: Some services allow you to create a system-assigned identity for the service instance. This identity can be turned ON/OFF from the Identity option of the Azure service. Once the identity has been assigned to the Azure resource, it can request a token from Azure AD. This identity cannot be shared, which means it can be associated with only a single Azure resource at a time.
User-assigned: This identity can be assigned to a single Azure resource. Once the identity has been created, you have to delete it explicitly. This identity can be shared, which means it can be associated with multiple Azure resources.
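How a workload requests a token with either identity type, shown for the Instance Metadata Service (IMDS) endpoint on an Azure VM. This is an added example, not code from the original post; the Key Vault resource URI and the sample response body are constructed for illustration, and other services expose the token endpoint differently.

```python
import json
import time
import urllib.parse
import urllib.request

# Azure VM Instance Metadata Service (IMDS) token endpoint; link-local, reachable only from the VM.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"


def build_token_request(resource, client_id=None):
    """Build the IMDS request. Note that no secret or password is sent.

    client_id=None -> the resource's system-assigned identity.
    client_id=<id> -> a specific user-assigned identity attached to the resource.
    """
    params = {"api-version": API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # IMDS rejects requests that lack this header.
    return urllib.request.Request(url, headers={"Metadata": "true"})


def parse_token_response(body, expected_resource, now=None):
    """Check the fields a caller relies on and return (access_token, expires_on)."""
    data = json.loads(body)
    missing = [k for k in ("access_token", "expires_on", "resource", "token_type") if k not in data]
    if missing:
        raise ValueError(f"token response missing fields: {missing}")
    if data["token_type"] != "Bearer":
        raise ValueError("unexpected token type")
    if data["resource"] != expected_resource:
        raise ValueError("token was issued for a different resource")
    expires_on = int(data["expires_on"])  # epoch seconds, sent as a string
    if expires_on <= (time.time() if now is None else now):
        raise ValueError("token already expired")
    return data["access_token"], expires_on


def get_token(resource, client_id=None, timeout=5):
    """Fetch a token on an Azure VM. The result is a bearer credential: never log it."""
    req = build_token_request(resource, client_id)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_token_response(resp.read(), resource)


# Constructed sample response body (not a real token), for running the parser offline.
SAMPLE_BODY = '{"access_token": "constructed.sample.token", "expires_on": "4102444800", "resource": "https://vault.azure.net", "token_type": "Bearer"}'
```

`get_token` only works from inside an Azure VM that has an identity assigned; `parse_token_response(SAMPLE_BODY, "https://vault.azure.net")` exercises the checks anywhere.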
Many Azure services support managed identities. Here is a list of some of them:
Supported Services
- API Management
- Application Gateway
- Azure App Configuration
- Azure App Service
- Azure Arc enabled Kubernetes
- Azure Arc enabled servers
- Azure Automation
- Azure Batch
- Azure Blueprints
- Azure Cache for Redis
- Azure Container Instance
- Azure Container Registry
- Azure Cognitive Services
- Azure Data Factory
- Azure Digital Twins
- Azure Event Grid
- Azure Image Builder
- Azure IoT Hub
- Azure Logic Apps
- Azure Log Analytics cluster
- Azure Machine Learning Services
- Azure Managed Disk
- Azure Media services
- Azure Monitor
- Azure Policy
- Microsoft Purview
- Azure Resource Mover
- Azure Site Recovery
- Azure Search
- Azure Service Bus
- Azure Service Fabric
- Azure SignalR Service
- Azure Spring Cloud
- Azure SQL
- Azure SQL Managed Instance
- Azure Stack Edge
- Azure Static Web Apps
- Azure Stream Analytics
- Azure Synapse
- Azure VM image builder
- Azure Virtual Machine Scale Sets
- Azure Virtual Machines
- Azure Web PubSub Service
This is not an exhaustive list, but it covers most of the Azure services that support managed identities. So, if you are using any of the above-mentioned services, managed identities would be a better option in terms of maintainability, for example when it comes to password rotation.
If you have any suggestions/feedback, please put them in the comment box.
Happy Learning 🙂