This post will discuss what Azure Active Directory Authentication for Azure Linux virtual machines is, how to configure it, and how to login.
Note that this is a preview feature. Most of the time, preview features are supported for production workloads, but this time Microsoft has stated:
This feature is in preview and is not recommended for use with production virtual machines or workloads. Use this feature on a test virtual machine that you expect to discard after testing.
It is a cool new feature and it is worth having a look at. At this time, it only works with the following Linux distributions, but it is available in all regions except the sovereign/government clouds:
Windows Server support is scheduled for later this year.
Microsoft’s documentation explains how you can deploy the setting using the Azure CLI (an alternative to PowerShell), but it is also possible to deploy it using the Azure Portal, as I will show here.
Normally you sign into a Linux virtual machine using a local username with a password or SSH key. It is possible to join machines to a central authority, such as Active Directory Domain Services (or Azure AD Domain Services), but Active Directory is not always suitable. With this new preview feature, server/application administrators and developers can sign in using their corporate credentials via Azure AD without any kind of domain join. Benefits include:
An extension (AADLoginForLinux) is installed in the virtual machine to enable integration with Azure AD.
To be able to sign into a virtual machine, an administrator’s or user’s account (or a group they are a member of) must have been granted access via Role-Based Access Control – being an owner/contributor over the virtual machine is not enough!
There are two ways that you can deploy the AADLoginForLinux extension into an Azure virtual machine. The first is to enable it in the Basics blade while creating the virtual machine:
Enabling Azure AD Authentication with an Azure Linux VM During Setup [Image Credit: Aidan Finn]
The second is to run the following Azure CLI command against an existing virtual machine:
az vm extension set --publisher Microsoft.Azure.ActiveDirectory.LinuxSSH --name AADLoginForLinux --resource-group petri --vm-name vm-linux-01
It will take a minute or two for this installation to complete.
You will need to grant people rights to sign into the virtual machine. This is the case even for subscription owners and contributors because being a subscription owner doesn’t mean you should have rights to the guest OS!
Authentication is done using Azure AD user accounts/groups and resource permissions. Since the days of Windows NT, the best way to do permissions is users > groups > permissions. I have created a group with some member users.
This Group Will Be Used to Grant the Right to Login to Linux Virtual Machines Via Azure AD [Image Credit: Aidan Finn]
In my example, I will set permissions at the resource group level. I have opened the resource group that contains my Linux virtual machines and clicked Access Control (IAM). A popup blade called Add Permissions appears when I click + Add.
There are two possible roles/permissions that I can grant:
In my example, I am granting Virtual Machine Administrator Login rights to the group that I created earlier:
Granting login Rights to a Linux Virtual Machine Via Azure AD RBAC [Image Credit: Aidan Finn]
When I attempt to sign into the Linux virtual machine now, I can use my Azure AD user account. This can be seen in the login command that the Connect To Virtual Machine popup blade shares when you click Connect in a Linux virtual machine’s blade.
Clicking Connect with a Linux Virtual Machine in the Azure Portal [Image Credit: Aidan Finn]
Signed Into Linux Via Azure AD Single-Sign In [Image Credit: Aidan Finn]
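The whole procedure above, scripted end to end as an added example (this is not code from the original post): install the extension, grant the group the login role at resource group scope, and confirm both the extension's provisioning state and the role assignment before handing out the login command, because Owner/Contributor on the VM is not enough. It assumes a logged-in Azure CLI, that the group's object id is passed in, and the `ssh -l <user@domain> <ip>` login form; the resource group, VM and group values are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Placeholders: resource group,
# VM name, group object id and public IP. Assumes `az login` has been done.
set -eu

enable_aad_login() {   # $1=resource group  $2=vm name -> prints provisioningState
  az vm extension set \
    --publisher Microsoft.Azure.ActiveDirectory.LinuxSSH \
    --name AADLoginForLinux \
    --resource-group "$1" --vm-name "$2" >/dev/null
  # Logins only work once the extension has finished provisioning.
  az vm extension show --resource-group "$1" --vm-name "$2" \
    --name AADLoginForLinux --query provisioningState -o tsv
}

grant_vm_login() {     # $1=resource group  $2=group object id  $3=role name
  scope=$(az group show --name "$1" --query id -o tsv)
  az role assignment create --role "$3" \
    --assignee-object-id "$2" --assignee-principal-type Group \
    --scope "$scope" >/dev/null
  # Owner/Contributor does not grant guest OS login; check that the
  # login role itself is assigned at this scope (prints the count).
  az role assignment list --scope "$scope" --role "$3" \
    --assignee "$2" --query "length(@)" -o tsv
}

ssh_command() {        # $1=Azure AD UPN  $2=VM public IP -> the login line
  printf 'ssh -l %s %s\n' "$1" "$2"
}

main() {               # usage: main <resource-group> <vm-name> <group-object-id>
  rg=$1; vm=$2; gid=$3
  role="Virtual Machine Administrator Login"
  state=$(enable_aad_login "$rg" "$vm")
  [ "$state" = "Succeeded" ] || { echo "extension state: $state" >&2; exit 1; }
  count=$(grant_vm_login "$rg" "$gid" "$role")
  [ "$count" -ge 1 ] || { echo "role assignment missing" >&2; exit 1; }
  ssh_command "user@contoso.onmicrosoft.com" "<vm-public-ip>"
}
```

Source the file and run `main petri vm-linux-01 <group-object-id>`; the final line is the command a group member uses to sign in with their Azure AD credentials.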