Azure’s identity and access functionality provides a comprehensive set of controls for managing access to the cloud. In this session, learn how to use conditional access to limit who can sign in to the Portal, PowerShell, and CLI, use privileged identity management for “Just In Time” owner access, use Managed Service Identity instead of having to create and manage Service Principals by hand, and use Azure AD to sign in to Virtual Machines so you can stop managing local accounts. Also, get a sneak peek at the feature roadmap for controlling access to Azure resources.
Operation and example:

Get a token for Azure Resource Manager:
curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -H Metadata:true

Read a VM in Azure Resource Manager:
curl 'https://management.azure.com/subscriptions/80c696ff-5efa-4909-a64d-f1b616f423ca/resourceGroups/SALES-PROD/providers/Microsoft.Compute/virtualMachines/SALES-FE-01?api-version=2017-12-01' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESSTOKEN>"

Get a token for Azure Storage:
curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://storage.azure.com/' -H Metadata:true

Read a blob in Azure Storage:
curl 'https://<STORAGE-ACCOUNT>.blob.core.windows.net/<CONTAINER>/<BLOB>' -H "x-ms-version: 2017-11-09" -H "Authorization: Bearer <ACCESSTOKEN>"

Get a token for Azure Key Vault:
curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net' -H Metadata:true

Read a secret from Azure Key Vault:
curl 'https://<VAULT-URL>/secrets/<SECRET>?api-version=2016-10-01' -H "Authorization: Bearer <ACCESSTOKEN>"
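
Each token request above returns JSON, and the token it carries is only meant for the resource it was requested for. The following is an added example, not code from the session: it validates a token response and refuses to attach the token to a request for a different service. The names `AUDIENCE_HOSTS`, `fetch_token_response` and `auth_header` are hypothetical, the host suffixes assume the public Azure cloud, and the sample response is constructed.

```python
import json
import time
import urllib.request
from urllib.parse import urlencode, urlsplit

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"

# Assumption: public-cloud hostnames. Maps each resource requested above to the
# host (or ".suffix") that a token for it may be sent to.
AUDIENCE_HOSTS = {
    "https://management.azure.com/": "management.azure.com",
    "https://storage.azure.com/": ".blob.core.windows.net",
    "https://vault.azure.net": ".vault.azure.net",
}

def fetch_token_response(resource, timeout=5):
    """Issue the same request as the curl calls; only answers on an Azure VM."""
    query = urlencode({"api-version": "2018-02-01", "resource": resource})
    req = urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}",
                                 headers={"Metadata": "true"})
    # Ignore proxy settings so the link-local request never leaves the VM.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def auth_header(raw_json, resource, target_url, now=None):
    """Validate a token response, then build the header for target_url."""
    body = json.loads(raw_json)
    now = time.time() if now is None else now
    if body.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    if body.get("resource", "").rstrip("/") != resource.rstrip("/"):
        raise ValueError("token was issued for a different resource")
    if int(body["expires_on"]) <= now:  # expires_on is epoch seconds, as a string
        raise ValueError("token has expired")
    target = urlsplit(target_url)
    allowed, host = AUDIENCE_HOSTS[resource], target.hostname or ""
    match = host.endswith(allowed) if allowed.startswith(".") else host == allowed
    if target.scheme != "https" or not match:
        raise ValueError("refusing to send this token to " + target_url)
    return {"Authorization": "Bearer " + body["access_token"]}

# Constructed sample response (not a real token) so the check runs offline.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "constructed-sample-token", "token_type": "Bearer",
    "expires_in": "3599", "expires_on": "1700003600", "not_before": "1700000000",
    "resource": "https://vault.azure.net",
})
```

On a VM with a managed identity, pass the output of `fetch_token_response(resource)` as `raw_json`; the returned dictionary is the `Authorization` header used in the read operations above.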