Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Sign in to Virtual Machine in Azure using Azure Active Directory Authentication

  • January 23, 2020
  • 7 min read
IT Production Manager. Nicolas is primarily focused on Microsoft technologies, he is a Microsoft MVP in Cloud and Datacenter Management.
IT Production Manager. Nicolas is primarily focused on Microsoft technologies, he is a Microsoft MVP in Cloud and Datacenter Management.

Résultat de recherche d'images pour "azure ad authentication"

Organizations can use Azure Active Directory (AD) authentication in order to login to their Azure virtual machines running:

  • Windows Server 2019 Datacenter edition (Preview)
  • Windows 10 1809 and later (Preview)
  • CentOS 6, CentOS 7
  • Debian 9
  • openSUSE Leap 42.3
  • RHEL 6, RHEL 7
  • SLES 12
  • Ubuntu 14.04 LTS, Ubuntu Server 16.04 et Ubuntu Server 18.04

One of the biggest advantages to use Azure AD to authenticate to VMs is to centrally control and enforce policies. It means that you can use Azure Role-Based Access Control (RBAC) and Azure AD Conditional Access in order to control who can access a VM.

Let’s start by creating a new Azure AD User named “AADUser”.

wp-image-13881

Windows Virtual Machine

Once the Azure AD user is created, we can create a Windows Virtual Machine in order to test the Azure AD authentication. During the creation wizard, you must enable the following options:

wp-image-13882

When you will enable Azure AD option, the “identity” option will be enabled automatically. Once the VM is created, you must assign the following role to your Azure AD user:

  • Virtual Machine Administrator Login: Users with this role assigned can log in to an Azure virtual machine with administrator privileges.
  • Virtual Machine User Login: Users with this role assigned can log in to an Azure virtual machine with regular user privileges.

Navigate to the Virtual Machine overview page and select Access control (IAM) from the menu options. As shown below, there are no users allowed at this step.

wp-image-13883

  • Select Add
  • Add role assignment to open the Add role assignment pane.
  • In the Role drop-down list, select the role “Virtual Machine Administrator Login
  • In the Select field, select the Azure AD user created previously
  • Select Save, to assign the role.

wp-image-13884

wp-image-13885

As shown below, we can confirm that the user has been affected to the role.

wp-image-13886

Next, you can start the Virtual Machine and test if you can sign in with your Azure AD user:

wp-image-13887

At this step, you should get the following error message: “the logon attempt failed”:

wp-image-13888

Verify that the Windows 10 PC you are using to initiate the remote desktop connection is one that is either Azure AD joined, or hybrid Azure AD joined to the same Azure AD directory where your VM is joined to.

When you are logged in to the Virtual Machine, you can confirm the following information:

wp-image-13889

wp-image-13890

Linux Virtual Machine

If you use Azure to run Linux Virtual Machines, you can use your Azure AD credentials to logon to your Linux session. During the provisioning wizard, you must select the image:

wp-image-13891

And then, enable the Azure AD option.

wp-image-13892

Now, you can assign the role to your Azure AD user (the same step we performed previously for the Windows Virtual Machine) and start the SSH session.

You will get the following message asking you to logon to https://microsoft.com/devicelogin and enter the authentication code:

wp-image-13893

Once you validate the authentication code, you can close the browser window and you can press ENTER to work on your Linux VM.

wp-image-13894

Conclusion

Thanks to the Azure AD Authentication feature, we can now use Azure AD identities to sign in to Virtual Machine (Linux and Windows). There are some prerequisites, but it works great and it is a nice feature to simplify the management of your identities.

Hey! Found Nicolas’s insights useful? Looking for a cost-effective, high-performance, and easy-to-use hyperconverged platform?
Taras Shved
Taras Shved StarWind HCI Appliance Product Manager
Look no further! StarWind HCI Appliance (HCA) is a plug-and-play solution that combines compute, storage, networking, and virtualization software into a single easy-to-use hyperconverged platform. It's designed to significantly trim your IT costs and save valuable time. Interested in learning more? Book your StarWind HCA demo now to see it in action!