Ensure that your Azure API Management service instances are using system-assigned managed identities in order to allow secure access to other Microsoft Azure protected resources such as Azure Key Vaults. System-assigned managed identities minimize risks, simplify management, and maintain compliance with evolving cloud services.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Using system-assigned managed identities for Azure API Management services enhances security by allowing the API service instances to authenticate and authorize with Azure resources without the need for explicit credentials. This reduces the risk associated with credential management and provides a seamless and more secure integration with other cloud services.
Audit
To determine if your Azure API Management services are configured to use system-assigned managed identities, perform the following actions:
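One way to automate this check, as an added example that is not part of the original page or of the Conformity tool: the script below reads the JSON produced by `az apim list --output json` and reports every instance whose `identity.type` does not include `SystemAssigned`. The instance names, resource groups, IDs and the script filename are constructed for illustration, and the presence of a `resourceGroup` field in the CLI output is an assumption.

```python
import json
import sys

# Constructed sample shaped like `az apim list --output json`; names, resource
# groups and IDs are made up for illustration.
SAMPLE = json.dumps([
    {"name": "apim-prod", "resourceGroup": "rg-api",
     "identity": {"type": "SystemAssigned",
                  "principalId": "00000000-0000-0000-0000-000000000001"}},
    {"name": "apim-dev", "resourceGroup": "rg-api", "identity": None},
    {"name": "apim-test", "resourceGroup": "rg-api",
     "identity": {"type": "UserAssigned", "principalId": None}},
    {"name": "apim-mixed", "resourceGroup": "rg-shared",
     "identity": {"type": "SystemAssigned, UserAssigned",
                  "principalId": "00000000-0000-0000-0000-000000000002"}},
    {"name": "apim-off", "resourceGroup": "rg-shared",
     "identity": {"type": "None"}},
])


def has_system_assigned(instance):
    """True when the instance's identity.type includes SystemAssigned."""
    identity = instance.get("identity") or {}
    # identity.type is a comma-separated string such as
    # "SystemAssigned, UserAssigned"; a missing identity means none is enabled.
    kinds = {k.strip().lower() for k in (identity.get("type") or "").split(",")}
    return "systemassigned" in kinds


def audit(apim_list_json):
    """Return (resourceGroup, name, identity type) for non-compliant instances."""
    findings = []
    for inst in json.loads(apim_list_json):
        if not has_system_assigned(inst):
            kind = (inst.get("identity") or {}).get("type") or "None"
            findings.append((inst.get("resourceGroup"), inst.get("name"), kind))
    return findings


if __name__ == "__main__":
    # Hypothetical usage: az apim list --output json | python audit_apim.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for group, name, kind in audit(data):
        print(f"NON-COMPLIANT {group}/{name}: identity type = {kind}")
```

An instance with only a user-assigned identity is reported as non-compliant, while one with both identity kinds enabled passes.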
Remediation / Resolution
To ensure that your Azure API Management service instances are configured to use system-assigned managed identities, perform the following actions: