Azure RBAC and Managed Identity
Ievgen Pavlenko
Senior Software Engineer

Azure role-based access control

Authentication
Authentication is the process of proving that you are who you say you are.
Authorization
Authorization is the act of granting an authenticated party permission to do something.

What is Azure Active Directory?
• Azure Active Directory (Azure AD) is a cloud-based identity and access-management solution. It helps you secure internal, external, and customer identities.

What is Azure RBAC?
• Azure role-based access control (Azure RBAC) is an authorization system built on Azure Resource Manager that provides fine-grained access management of resources in Azure. With Azure RBAC, you can grant the exact access that users need to do their jobs.

How does Azure RBAC work?

Role assignments

Demo

Managed Identities for Azure resources

How to connect to Azure Resource
- Azure SQL
• Connection String with Credential
Server=tcp:abc.database.windows.net,1433;Initial Catalog=demo;Persist Security Info=False;User ID={your_username};Password={your_password};
- Azure storage
• Connection String with AccountKey
DefaultEndpointsProtocol=https;AccountName=sa;AccountKey={AccountKey};EndpointSuffix=core.windows.net
- Service bus
• Connection String with SharedAccessKey
Endpoint=sb://abc.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey={SharedAccessKey}
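
An added example, not part of the original slides: a small Python check that parses the three connection-string styles shown above, flags the keys that embed a credential, and redacts them before the string is logged or committed. The `Pwd` and `SharedAccessSignature` key variants, the sample account key, and the managed-identity SQL string are assumptions or constructed samples.

```python
import re

# Keys that carry a credential in the three connection-string styles on the slide.
# "pwd" and "sharedaccesssignature" are common variants added as an assumption.
SECRET_KEYS = {"password", "pwd", "accountkey", "sharedaccesskey", "sharedaccesssignature"}
PLACEHOLDER = re.compile(r"^\{[^{}]*\}$")  # e.g. {your_password}: a template, not a live secret


def parse(conn_str):
    """Split 'k=v;k=v' pairs; split on the first '=' only, since base64 keys end in '='."""
    pairs = []
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs


def audit(conn_str):
    """Return (findings, redacted); findings lists (key, 'live' | 'placeholder')."""
    findings, out = [], []
    for key, value in parse(conn_str):
        if key.lower() in SECRET_KEYS and value:
            kind = "placeholder" if PLACEHOLDER.match(value) else "live"
            findings.append((key, kind))
            value = "***REDACTED***"
        out.append(f"{key}={value}")
    return findings, ";".join(out)


# Constructed samples: the slide's templates, one with a made-up key value,
# and a secret-free SQL string that relies on managed identity instead.
SAMPLES = {
    "sql_template": "Server=tcp:abc.database.windows.net,1433;Initial Catalog=demo;"
                    "Persist Security Info=False;User ID={your_username};Password={your_password};",
    "storage_live": "DefaultEndpointsProtocol=https;AccountName=sa;"
                    "AccountKey=Q09OU1RSVUNURUQtTk9ULUEtUkVBTC1LRVk=;EndpointSuffix=core.windows.net",
    "servicebus_template": "Endpoint=sb://abc.servicebus.windows.net/;"
                           "SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey={SharedAccessKey}",
    "sql_managed_identity": "Server=tcp:abc.database.windows.net,1433;Initial Catalog=demo;"
                            "Authentication=Active Directory Managed Identity",
}

if __name__ == "__main__":
    for name, cs in SAMPLES.items():
        findings, redacted = audit(cs)
        print(name, findings or "no embedded secret")
        print("  ", redacted)
```
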

Secrets …
• Secrets can
- Be leaked/stolen
- Be accidentally checked into source control
- Expire
• Secrets have complicated lifecycle management
• Examples: Account Keys, Username / Password, SAS Keys, Application secret
Secrets are like a “bomb”

Managing workloads that authenticate to cloud services
• Create principal
• Grant permissions
• Store credentials on resource
• Rotate secrets
• Remove principal
• Create Azure resource
• Delete resource
A better way: Managed identities for Azure resources
• Create Azure resource with managed identity
• Grant permissions
• Delete resource

I can use managed identities when
Source
• Azure VMs
• Azure VMSS
• Azure App Service
• Azure Functions
• Azure Logic Apps
• Azure Data Factory V2
• Azure Container Instances
• Azure Kubernetes
• Azure Service Fabric
• …
that accesses
Target
• Azure Key Vault
• Azure Data Lake
• Azure SQL
• Azure App Configuration
• Azure Event Hubs
• Azure IoT Hub
• Azure Service Bus
• Azure Storage blobs
• Azure Analysis Services
• …

Managed identities types
• Built-in garage door remote: System-assigned managed identity
• Hand-held garage door remote: User-assigned managed identity
[Diagram labels: Azure resource (App Service, Function, Logic App, etc.); Identity to resource assignment; Identity; Authentication & Authorization; Azure Service (Azure Storage Account, Service Bus, etc.)]

Managed identities types
System-assigned managed identity
• Azure creates an identity in Azure AD
• Created as part of an Azure resource
• Credentials are provisioned on the instance
• Life-cycle is directly tied to the Azure Service Instance
User-assigned managed identity
• Azure creates an identity in Azure AD
• Created as a stand-alone Azure resource
• Identity can be assigned to one or more instances
• Life-cycle is managed separately from life-cycle of the Azure Service

How do managed identities for Azure resources work?

Demo

Resources
RBAC
• https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
• https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
Managed Identities
• https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identities-status
• https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-azure-active-directory-support
• https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet

Thank you!

GlobalLogic .NET Webinar #2 “Azure RBAC and Managed Identity”
