Deploy, Secure and Manage Azure Functions

Managed Service Identity

This video segment explains managed identity and shows how to provision a managed identity for Azure Functions.

Keywords

  • Managed identity
  • Azure Functions
  • Azure AD

About this video

Author(s)
Sahil Malik
First online
21 December 2018
DOI
https://doi.org/10.1007/978-1-4842-4409-8_14
Online ISBN
978-1-4842-4409-8
Publisher
Apress
Copyright information
© Sahil Malik 2019

Video Transcript

Sahil Malik: Next, let’s talk about an incredible new feature inside of Azure called Managed Service Identity. Why is managed service identity important? Well, at a high level, managed identity basically means the various entities in Azure, including Azure Functions, are given an identity. Now this identity is provisioned for you in Azure and you never even know what its password is. So see, it’s completely password-less as far as you’re concerned, and that means if your Azure Function needs to call another resource protected by Azure AD, you simply grant that managed identity access to that particular resource. Let’s see how this works.

So here I have my function app. Inside of the function app, I go into the Platform features area of the function app as you can see, and here is a section called Managed service identity under the Networking section, let’s go ahead and click on it. So in order to create a managed service identity, well, this is the easiest part, you simply click On and hit Save. It’s registering the MSI with Azure AD. Now MSI is also a keyword we use for installer. So I highly suspect that the name is going to be abbreviated to managed identity because it just eliminates confusion, but at the end of this, it’ll say that it has successfully registered the identity with Azure AD. And really, that’s all you need to do. At this point, my application, this Azure Function now has an identity and now I can use simple role-based access control, et cetera, and this identity can be granted permissions and rights to various resources in my Azure tenancy.

Once you have enabled this Managed service identity, essentially, it has gone ahead and registered itself as an application under the Azure AD. Let’s go find it. So under Azure Active Directory on the left, make sure that you’re in the right Azure AD. By default, you should be. Go to Enterprise applications. Here, make sure that you select all applications and let’s go ahead and search for the function app that we were working with as you see over here. And here is the object ID for the managed service identity that just got created. And if you look over here, you can see exactly what it’s been doing, what permissions it has, or currently I haven’t given it any permission, so I see nothing here. You can look at its activity, audit logs and basically, it just gives you a lot of ability to allow this function app to call other resources and securely call other resources in a way that you don’t need to worry about the password for a, you know, service principal account or anything like that. And that’s the beauty of managed identities that fully works with Azure Functions.
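
The password-less call described in the transcript, sketched as an added example (not code from the video or from the author): once the identity is switched on, function code asks the platform's local identity endpoint for a token instead of holding a credential. It assumes the `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` environment variables and the `2019-08-01` API version that App Service and Azure Functions currently expose; the function names are illustrative.

```python
import json
import os
import urllib.parse
import urllib.request


def build_token_request(resource, environ=os.environ):
    """Build the request to the function app's local identity endpoint."""
    endpoint = environ.get("IDENTITY_ENDPOINT")
    header = environ.get("IDENTITY_HEADER")
    if not endpoint or not header:
        # Identity not switched on for this app, or the code runs elsewhere.
        raise RuntimeError("managed identity is not enabled for this app")
    query = urllib.parse.urlencode(
        {"resource": resource, "api-version": "2019-08-01"})
    return urllib.request.Request(
        f"{endpoint}?{query}", headers={"X-IDENTITY-HEADER": header})


def get_token(resource, environ=os.environ, timeout=5):
    """Return (access_token, expires_on) for one Azure AD protected resource."""
    req = build_token_request(resource, environ)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = json.load(resp)
    # The token is a bearer credential: hand it to the caller, never log it.
    return body["access_token"], int(body["expires_on"])


def call_resource(url, resource, environ=os.environ):
    """Call an Azure AD protected URL as the function's managed identity."""
    token, _ = get_token(resource, environ)
    req = urllib.request.Request(
        url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()
```

The token is only useful against resources where the identity has been granted a role, so a freshly enabled identity with no permissions, as shown in the portal above, gets a token that the target resource rejects.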