{"id":14742,"date":"2020-08-01T07:02:54","date_gmt":"2020-08-01T07:02:54","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=14742"},"modified":"2020-08-27T06:40:05","modified_gmt":"2020-08-27T06:40:05","slug":"using-vm-system-assigned-managed-identity-in-azure-active-directory","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/","title":{"rendered":"Using VM System Assigned Managed Identity in Azure Active Directory"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-az-304-microsoft-azure-architect-design\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to AZ-304 Tutorials<\/a><\/p>\n\n\n\n<p>In this we will learn and understand about accessing the Azure Resource Manager API using a Windows virtual machine with system-assigned managed identity enabled. We will discuss about granting VM access to a Resource Group in Azure Resource Manager and getting an access token using the VM identity and use it to call Azure Resource Manager<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Azure Managed Identity<\/strong><\/h2>\n\n\n\n<p>Managing identity for Azure resources is a feature of Azure Active Directory. Each of the Azure services supportING managed identities for Azure resources are subject to their own timeline.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Granting VM access to a resource group in Resource Manager<\/strong><\/h5>\n\n\n\n<p>With using managed identity for Azure resources, your code can get access tokens for authenticating to resources that support Azure AD authentication. However, the Azure Resource Manager supports Azure AD authentication. For this, we need to grant this VM\u2019s system-assigned managed identity access to a resource in Resource Manager. For this case the Resource Group in which the VM is contained.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, navigate to the tab for Resource Groups.<\/li><li>Secondly, select the specific Resource Group you created for your Windows VM.<\/li><li>Thirdly, go to Access control (IAM) in the left panel.<\/li><li>Then, adding a role assignment that is a new role assignment for your Windows VM. Choose Role as Reader.<\/li><li>After that, in the next drop-down, assign access to the resource Virtual Machine.<\/li><li>Then, ensure the proper subscription is listed in the Subscription dropdown. And for Resource Group, select All resource groups.<\/li><li>Lastly, Select choose your Windows VM in the dropdown and click Save.<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><a href=\"https:\/\/www.testpreptraining.ai\/microsoft-azure-architect-design-az-304-free-practice-test\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" width=\"961\" height=\"150\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ-304-practice-tests-3.png\" alt=\"AZ-304 Practice tests\" class=\"wp-image-18182\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ-304-practice-tests-3.png 961w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ-304-practice-tests-3-750x117.png 750w\" sizes=\"auto, (max-width: 961px) 100vw, 961px\" \/><\/a><\/figure><\/div>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Getting an access token using the VM&#8217;s system-assigned managed identity and using it to call Azure Resource Manager<\/strong><\/h5>\n\n\n\n<p><em>For this portion you will require the use of PowerShell.<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, in the portal, navigate to Virtual Machines and go to your Windows virtual machine and in the Overview. Then, click Connect.<\/li><li>Secondly, enter your Username and Password for which you added when you created the Windows VM.<\/li><li>Now that you have created a Remote Desktop Connection with the virtual machine just open PowerShell in the remote session.<\/li><li>Then, with the Invoke-WebRequest cmdlet, make a request to the local managed identity for Azure resources endpoint for getting an access token for Azure Resource Manager.<\/li><\/ul>\n\n\n\n<p><strong>In PowerShell:<\/strong><\/p>\n\n\n\n<p><em>$response = Invoke-WebRequest -Uri &#8216;http:\/\/169.254.169.254\/metadata\/identity\/oauth2\/token?api-version=2018-02-01&amp;resource=https:\/\/management.azure.com\/&#8217; -Method GET -Headers @{Metadata=&#8221;true&#8221;}<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>After that, extract the full response, which is stored as a JavaScript Object Notation (JSON) formatted string in the $response object.<\/li><\/ul>\n\n\n\n<p><strong>In PowerShell:<\/strong><\/p>\n\n\n\n<p><em>$content = $response.Content | ConvertFrom-Json<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Then, extract the access token from the response.<\/li><\/ul>\n\n\n\n<p><strong>In PowerShell:<\/strong><\/p>\n\n\n\n<p><em>$ArmToken = $content.access_token<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Lastly, call Azure Resource Manager using the access token.<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><a href=\"https:\/\/www.testpreptraining.ai\/microsoft-azure-architect-design-az-304-practice-exam\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" width=\"961\" height=\"150\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/Az-304-online-course-2.png\" alt=\"Learn about Azure Managed Identity using Az-304 online course\" class=\"wp-image-14744\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/Az-304-online-course-2.png 961w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/Az-304-online-course-2-750x117.png 750w\" sizes=\"auto, (max-width: 961px) 100vw, 961px\" \/><\/a><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-right\"><strong>Reference: <\/strong><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/managed-identities-azure-resources\/tutorial-windows-vm-access-arm\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Documentation<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-az-304-microsoft-azure-architect-design\/\" target=\"_blank\" rel=\"noreferrer noopener\"><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-az-304-microsoft-azure-architect-design\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to AZ-304 Tutorials<\/a><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Go back to AZ-304 Tutorials In this we will learn and understand about accessing the Azure Resource Manager API using a Windows virtual machine with system-assigned managed identity enabled. We will discuss about granting VM access to a Resource Group in Azure Resource Manager and getting an access token using the VM identity and use&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-14742","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Using VM System Assigned Managed Identity in Azure Active Directory<\/title>\n<meta name=\"description\" content=\"Enhance your knowledge by learning about using Azure Managed Identity in Azure AD using Microsoft Azure AZ-304 online course and practice exam Now!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Using VM System Assigned Managed Identity in Azure Active Directory\" \/>\n<meta property=\"og:description\" content=\"Enhance your knowledge by learning about using Azure Managed Identity in Azure AD using Microsoft Azure AZ-304 online course and practice exam Now!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-08-27T06:40:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ-304-practice-tests-3.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/\",\"name\":\"Using VM System Assigned Managed Identity in Azure Active Directory\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2020-08-01T07:02:54+00:00\",\"dateModified\":\"2020-08-27T06:40:05+00:00\",\"description\":\"Enhance your knowledge by learning about using Azure Managed Identity in Azure AD using Microsoft Azure AZ-304 online course and practice exam Now!\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Using VM System Assigned Managed Identity in Azure Active Directory\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Using VM System Assigned Managed Identity in Azure Active Directory","description":"Enhance your knowledge by learning about using Azure Managed Identity in Azure AD using Microsoft Azure AZ-304 online course and practice exam Now!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/","og_locale":"en_US","og_type":"article","og_title":"Using VM System Assigned Managed Identity in Azure Active Directory","og_description":"Enhance your knowledge by learning about using Azure Managed Identity in Azure AD using Microsoft Azure AZ-304 online course and practice exam Now!","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-08-27T06:40:05+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ-304-practice-tests-3.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/","name":"Using VM System Assigned Managed Identity in Azure Active Directory","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2020-08-01T07:02:54+00:00","dateModified":"2020-08-27T06:40:05+00:00","description":"Enhance your knowledge by learning about using Azure Managed Identity in Azure AD using Microsoft Azure AZ-304 online course and practice exam Now!","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/using-vm-system-assigned-managed-identity-in-azure-active-directory\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"Using VM System Assigned Managed Identity in Azure Active Directory"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/14742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=14742"}],"version-history":[{"count":3,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/14742\/revisions"}],"predecessor-version":[{"id":18187,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/14742\/revisions\/18187"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=14742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=14742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=14742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}