 

Can a system-assigned managed service identity be added to an AAD group?

I have an Azure Data Factory V2 service running with an MSI identity. This service needs to access a Data Lake Gen 1 with thousands of folders and millions of files.

For efficiency, we have a group assigned to the root of the data lake which has RX permissions and these are inherited and defaulted throughout the tree.

I'd like to add the above ADF MSI to this group and I cannot figure out how to via the portal AAD blade.

I can assign this MSI to the data lake directly, but it then has to update millions of files, which is slow and error-prone (the blade needs to be kept open while the permissions are applied, and this often fails over the hours it takes due to a network glitch).

Mark.

MarkD asked Oct 29 '18 19:10



2 Answers

Yes. You can add a system-assigned managed identity to an Azure AD group. See this link for how it can be achieved via PowerShell: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-sql#create-a-group-in-azure-ad-and-make-the-vms-system-assigned-managed-identity-a-member-of-the-group

Arturo Lucatero - MSFT answered Oct 12 '22 22:10


This is also possible using the Azure CLI now:

az ad group member add --group <Group Object ID or Name> --member-id <Object ID of your managed identity>
Martin Brandl answered Oct 13 '22 00:10
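Both answers above give the single command that does the membership change; as an added example (not code from the question, either answer, or the linked Microsoft tutorial), the following Az PowerShell script ties the steps together for the asker's exact case: it resolves the Data Factory's system-assigned identity, resolves the group that already carries RX on the lake root, adds the identity only if it is not already a member, and verifies the result. The resource group, factory name and group display name are placeholders; the script also assumes Az.Resources 5.x or later, where group and member objects expose an `Id` property (older versions used `ObjectId`).

```powershell
# Added example: make an ADF V2 system-assigned managed identity a member of an
# Azure AD group, idempotently, using the Az PowerShell module.
# Placeholder values: resource group, factory name and group display name.
#Requires -Modules Az.Accounts, Az.Resources, Az.DataFactory

param(
    [string]$ResourceGroupName = 'rg-data-platform',   # placeholder
    [string]$FactoryName       = 'adf-ingest-prod',     # placeholder
    [string]$GroupDisplayName  = 'datalake-readers'     # placeholder: group holding RX on the lake root
)

Connect-AzAccount | Out-Null   # interactive sign-in; omit if a session already exists

# 1. Resolve the factory's system-assigned identity. Group membership is keyed on the
#    service principal's object id (Identity.PrincipalId), not on the factory resource id.
$factory = Get-AzDataFactoryV2 -ResourceGroupName $ResourceGroupName -Name $FactoryName
if (-not $factory.Identity -or -not $factory.Identity.PrincipalId) {
    throw "Factory '$FactoryName' has no system-assigned identity enabled."
}
$principalId = $factory.Identity.PrincipalId

# 2. Resolve the group. Display names are not unique in Azure AD, so fail closed on
#    anything other than exactly one match rather than silently taking the first hit.
$groups = @(Get-AzADGroup -DisplayName $GroupDisplayName)
if ($groups.Count -ne 1) {
    throw "Expected exactly one group named '$GroupDisplayName', found $($groups.Count)."
}
$group = $groups[0]

# 3. Add only when not already a member, so the script is safe to re-run from a pipeline.
$alreadyMember = Get-AzADGroupMember -GroupObjectId $group.Id |
    Where-Object { $_.Id -eq $principalId }

if ($alreadyMember) {
    Write-Host "Managed identity $principalId is already a member of '$GroupDisplayName'."
} else {
    Add-AzADGroupMember -TargetGroupObjectId $group.Id -MemberObjectId $principalId
    Write-Host "Added managed identity $principalId to '$GroupDisplayName'."
}

# 4. Verify the membership as Azure AD now reports it.
Get-AzADGroupMember -GroupObjectId $group.Id |
    Where-Object { $_.Id -eq $principalId } |
    Select-Object DisplayName, Id
```

Because the Data Lake ACLs reference the group rather than the identity, nothing has to be rewritten across the millions of files; the change is a single directory write in Azure AD. Two things are worth checking afterwards: that the group's entry is present in both the access ACL and the default ACL at the root (otherwise newly created folders will not inherit it), and that any token the factory obtained before the change has been refreshed, since group claims are evaluated when the token is issued.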