{"id":92955,"date":"2021-12-13T17:00:15","date_gmt":"2021-12-13T17:00:15","guid":{"rendered":"https:\/\/www.red-gate.com\/simple-talk\/?p=92955"},"modified":"2021-12-15T20:33:39","modified_gmt":"2021-12-15T20:33:39","slug":"linking-a-virtual-machine-with-azure-active-directory","status":"publish","type":"post","link":"https:\/\/www.red-gate.com\/simple-talk\/blogs\/linking-a-virtual-machine-with-azure-active-directory\/","title":{"rendered":"Linking a Virtual Machine with Azure Active Directory"},"content":{"rendered":"<p>Some time ago, Microsoft added to the Virtual Machine provisioning process the option to link the virtual machine with <strong>Azure Active Directory<\/strong>.<\/p>\n<p>This was a great improvement in security and management. Instead of each virtual machine having its own isolated user management, login to the virtual machines is controlled by Azure Active Directory.<\/p>\n<p>But what if, for some reason, we miss the opportunity to join the virtual machine to Azure Active Directory when it&#8217;s being provisioned? How can we join it to Azure AD after it&#8217;s already created?<\/p>\n<p>There is a set of configurations needed to use Azure AD login on a Virtual Machine:<\/p>\n<ul>\n<li>Install the Azure AD Login Extension<\/li>\n<li>Enable a Managed Identity<\/li>\n<li>Define the <strong>RBAC<\/strong> permissions<\/li>\n<li>Register the source machine with Azure AD<\/li>\n<\/ul>\n<h2>Install the Azure AD Login Extension<\/h2>\n<p>On the portal, you can use the <strong>Extensions<\/strong> left menu item to install this extension. 
It&#8217;s very straightforward; no special configuration is needed during the installation.<\/p>\n<ol>\n<li>Open the virtual machine page in the <strong>Azure Portal<\/strong><\/li>\n<li>Click <strong>Extensions + Applications<\/strong> on the left menu<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92959\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2021\/11\/VMAD01.png\" alt=\"\" width=\"268\" height=\"409\" \/><\/p>\n<ol start=\"3\">\n<li>Click the <strong>Add<\/strong> button<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92960\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2021\/11\/VMAD02.png\" alt=\"\" width=\"318\" height=\"268\" \/><\/p>\n<ol start=\"4\">\n<li>Select <strong>Azure AD based Windows Login<\/strong><\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92961\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2021\/11\/VMAD03.png\" alt=\"\" width=\"756\" height=\"702\" \/><\/p>\n<ol start=\"5\">\n<li>Click the <strong>Review + Create<\/strong> button<\/li>\n<li>Click the <strong>Create<\/strong> button<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92962\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2021\/11\/VMAD07.png\" alt=\"\" width=\"662\" height=\"203\" \/><\/p>\n<h2>Enable a Managed Identity<\/h2>\n<p>The Virtual Machine needs a <strong>Managed Identity<\/strong>. 
You need to enable it:<\/p>\n<ol>\n<li>Open the virtual machine page in the Azure Portal<\/li>\n<li>On the left menu, under <strong>Settings<\/strong>, select <strong>Identity<\/strong><\/li>\n<li>Turn the <strong>System assigned<\/strong> identity On<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92963\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2021\/11\/VMAD08.png\" alt=\"\" width=\"528\" height=\"399\" \/><\/p>\n<h2>Define RBAC permissions<\/h2>\n<p>The Virtual Machine has <strong>RBAC<\/strong> roles that define who its administrators and regular users are. Keep the administrator role limited to the few accounts that actually need local admin rights; everyone else belongs in the regular user role.<\/p>\n<p>You need to add the users to these roles before trying to log in. I recommend using Azure AD groups, because there may be many users and many VMs to manage.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92970\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2021\/11\/VMAD15.png\" alt=\"\" width=\"381\" height=\"545\" \/><\/p>\n<h2>Register the source machine with Azure AD<\/h2>\n<p>The login only works if the source machine is a registered device in Azure AD.<\/p>\n<p>You can register the source machine by using <strong>Accounts<\/strong> on the source machine. 
Once you add a work account from your Azure AD, the machine will be registered there.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92964\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2021\/11\/VMAD09.png\" alt=\"\" width=\"661\" height=\"543\" \/><\/p>\n<p>Once you have signed in, you will receive a successful registration message.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92965\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2021\/11\/VMAD10.png\" alt=\"\" width=\"774\" height=\"720\" \/><\/p>\n<p>You can open <strong>Azure Active Directory<\/strong> in the portal and look at <strong>Devices<\/strong>. Your machine should be there.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92967\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2021\/11\/VMAD12.png\" alt=\"\" width=\"313\" height=\"468\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92966\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2021\/11\/VMAD11.png\" alt=\"\" width=\"948\" height=\"128\" \/><\/p>\n<h2>Login<\/h2>\n<p>The login on the virtual machine requires a special syntax. You need to use <em>AzureAD\\&lt;UserUPN&gt;<\/em> for the login. It will only work with native accounts from the Azure tenant. 
It will not work with external\/guest accounts.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92969\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2021\/11\/VMAD14.png\" alt=\"\" width=\"569\" height=\"297\" \/><\/p>\n<h2>Summary<\/h2>\n<p>Integrating Virtual Machines with Azure AD is a great way to manage virtual machine users at scale.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has made it possible to integrate Azure Active Directory with Virtual Machines. In this post, Dennes Torres walks you through the steps to set it up. &hellip;<\/p>\n","protected":false},"author":50808,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[5364,145788,5383],"coauthors":[6810],"class_list":["post-92955","post","type-post","status-publish","format-standard","hentry","category-blogs","tag-azure","tag-azure-active-directory","tag-virtual-machines"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/92955","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/users\/50808"}],"replies":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/comments?post=92955"}],"version-history":[{"count":7,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/92955\/revisions"}],"predecessor-version":[{"id":93030,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/92955\/revisions\/93030"}],"wp:attachment":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\
/media?parent=92955"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/categories?post=92955"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/tags?post=92955"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/coauthors?post=92955"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}