
Lock down access to Azure using identity


Azure’s identity and access functionality provides a comprehensive set of controls for managing access to the cloud. In this session, learn how to use conditional access to limit who can sign in to the Portal, PowerShell, and CLI, use privileged identity management for “Just In Time” owner access, use Managed Service Identity instead of having to create and manage Service Principals by hand, and use Azure AD to sign in to Virtual Machines so you can stop managing local accounts. Also, get a sneak peek at the feature roadmap for controlling access to Azure resources.

Published in: Technology


  1. People in this story…
       • Alice: Global Admin
       • Bob: Subscription Owner
       • Charlene: Dev/Ops
       • Robot (Robot)
  2. Operation / Example

       Get a token for Azure Resource Manager:
         curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -H Metadata:true

       Read a VM in Azure Resource Manager:
         curl 'https://management.azure.com/subscriptions/80c696ff-5efa-4909-a64d-f1b616f423ca/resourceGroups/SALES-PROD/providers/Microsoft.Compute/virtualMachines/SALES-FE-01?api-version=2017-12-01' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESSTOKEN>"

       Get a token for Azure Storage:
         curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://storage.azure.com/' -H Metadata:true

       Read a blob in Azure Storage:
         curl 'https://<STORAGE-ACCOUNT>.blob.core.windows.net/<CONTAINER>/<BLOB>' -H "x-ms-version: 2017-11-09" -H "Authorization: Bearer <ACCESSTOKEN>"

       Get a token for Azure Key Vault:
         curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net' -H Metadata:true

       Read a secret from Azure Key Vault:
         curl 'https://<VAULT-URL>/secrets/<SECRET>?api-version=2016-10-01' -H "Authorization: Bearer <ACCESSTOKEN>"
  3. http://aka.ms/azureiam
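
The two-step pattern on slide 2 (ask the instance metadata endpoint for a token scoped to one resource, then present it as a Bearer token) chained in Python, as an added example that is not part of the original deck. The function names and the sample response are constructed here; the check that the response's resource field echoes the requested resource is an assumption of this sketch.

```python
import json
import time
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"  # api-version used on the slide


def imds_token_request(resource):
    """Build the metadata-endpoint token request for one resource (audience)."""
    query = urllib.parse.urlencode({"api-version": API_VERSION, "resource": resource})
    # The Metadata:true header from the slide must accompany every token request.
    return urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}", headers={"Metadata": "true"})


def parse_token_response(body, resource, now=None):
    """Return the access token only if type, audience and expiry check out."""
    doc = json.loads(body)
    now = time.time() if now is None else now
    if doc.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    # Assumption: the response echoes the requested resource in "resource".
    if doc.get("resource", "").rstrip("/") != resource.rstrip("/"):
        raise ValueError("token issued for a different resource")
    if int(doc["expires_on"]) <= now:  # expires_on is Unix seconds, sent as a string
        raise ValueError("token already expired")
    return doc["access_token"]


def authorized_request(url, token, extra_headers=None):
    """Attach the token (plus e.g. x-ms-version for Storage) to a resource call."""
    headers = {"Authorization": f"Bearer {token}"}
    headers.update(extra_headers or {})
    return urllib.request.Request(url, headers=headers)


def read_with_managed_identity(resource, url, extra_headers=None):
    """Run both steps; only works on an Azure VM that has a managed identity."""
    with urllib.request.urlopen(imds_token_request(resource), timeout=5) as resp:
        token = parse_token_response(resp.read(), resource)
    with urllib.request.urlopen(authorized_request(url, token, extra_headers), timeout=10) as resp:
        return resp.read()


# Constructed sample response; the token value is a placeholder, not a real JWT.
SAMPLE = json.dumps({"access_token": "PLACEHOLDER.TOKEN.VALUE", "expires_on": "2000000000",
                     "resource": "https://vault.azure.net", "token_type": "Bearer"})
```

Because each token is requested for a single resource, a token obtained for Key Vault is rejected here if the caller meant to use it against Storage or Resource Manager.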
