Ensure that your Microsoft Azure virtual machines (VMs) are configured to use Microsoft Entra ID credentials for secure SSH/RDP access. Once enabled, you can use your corporate Microsoft Entra ID credentials to log in to your virtual machines, enforce Multi-Factor Authentication (MFA), or enable access via RBAC roles.
When you use Microsoft Entra ID authentication for virtual machines, you can create and enforce policies that allow or deny access to your VMs from one central location, simplifying access permission management. For example, you can easily revoke SSH access to your VMs when an employee leaves your organization by simply disabling their Microsoft Entra ID account. Other important benefits of using Microsoft Entra ID authentication to log in to your Azure virtual machines are:
- Eliminating the need to create and manage local administrator accounts. The only access credentials required will be your Microsoft Entra ID credentials (i.e. Single Sign-On authentication).
- Using the password complexity and password lifetime policies created for your Microsoft Entra ID tenant to help secure your virtual machines.
- Further reducing your dependence on local administrator accounts, as you no longer have to worry about credential loss/theft or users who configure weak, non-compliant credentials.
- Using Role-Based Access Control (RBAC) policies to determine who can log in to your Azure VMs.
- Allowing you to enable Multi-Factor Authentication (MFA) for an additional layer of protection during VM login.
Audit
To determine if your Microsoft Azure virtual machines are configured to use Microsoft Entra ID authentication, perform the following actions:
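As an added illustration (not part of this page's own audit procedure), the following Python script evaluates the JSON that `az vm list` and `az vm extension list` return and reports VMs that have no successfully provisioned Microsoft Entra ID login extension. It assumes the extension types `AADSSHLoginForLinux` and `AADLoginForWindows` from publisher `Microsoft.Azure.ActiveDirectory`, the `typePropertiesType` and `provisioningState` field names of the Azure CLI output, and uses constructed sample data so it runs offline.

```python
import json

# Extension types that provide Microsoft Entra ID login for Azure VMs
# (assumption: current Azure CLI field names and extension identifiers).
ENTRA_LOGIN_EXTENSIONS = {"AADSSHLoginForLinux", "AADLoginForWindows"}
ENTRA_PUBLISHER = "Microsoft.Azure.ActiveDirectory"


def has_entra_login(extensions):
    """True if the VM has a successfully provisioned Entra ID login extension.
    `extensions` is the parsed output of
    `az vm extension list --resource-group <rg> --vm-name <vm>`."""
    for ext in extensions:
        ext_type = ext.get("typePropertiesType") or ext.get("name")
        if (ext.get("publisher") == ENTRA_PUBLISHER
                and ext_type in ENTRA_LOGIN_EXTENSIONS
                # A failed install leaves the VM on local credentials only.
                and ext.get("provisioningState") == "Succeeded"):
            return True
    return False


def find_noncompliant_vms(vms, extensions_by_vm):
    """Return names of VMs lacking Entra ID login. `vms` is the parsed output
    of `az vm list`; `extensions_by_vm` maps VM name to its extension list."""
    return [vm["name"] for vm in vms
            if not has_entra_login(extensions_by_vm.get(vm["name"], []))]


# Constructed sample output, trimmed to the fields the check uses.
SAMPLE_VMS = json.loads('''[
  {"name": "web-01", "resourceGroup": "prod-rg"},
  {"name": "db-01",  "resourceGroup": "prod-rg"},
  {"name": "win-01", "resourceGroup": "prod-rg"}
]''')
SAMPLE_EXTENSIONS = {
    "web-01": [{"name": "AADSSHLoginForLinux", "publisher": ENTRA_PUBLISHER,
                "typePropertiesType": "AADSSHLoginForLinux",
                "provisioningState": "Succeeded"}],
    # Extension present but provisioning failed: still non-compliant.
    "db-01": [{"name": "AADSSHLoginForLinux", "publisher": ENTRA_PUBLISHER,
               "typePropertiesType": "AADSSHLoginForLinux",
               "provisioningState": "Failed"}],
    # Only an unrelated extension installed: non-compliant.
    "win-01": [{"name": "MicrosoftMonitoringAgent",
                "publisher": "Microsoft.EnterpriseCloud.Monitoring",
                "typePropertiesType": "MicrosoftMonitoringAgent",
                "provisioningState": "Succeeded"}],
}

if __name__ == "__main__":
    for name in find_noncompliant_vms(SAMPLE_VMS, SAMPLE_EXTENSIONS):
        print(f"{name}: Entra ID login extension missing or not provisioned")
```

In a real audit, feed the script the output of `az vm list` and one `az vm extension list` call per VM instead of the constructed samples.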
Remediation / Resolution
To enable Microsoft Entra ID authentication for existing virtual machines (VMs), perform the following actions:
References
- Azure Official Documentation
- Preview: Log in to a Linux virtual machine in Azure using Microsoft Entra ID authentication
- Sign in to Windows virtual machine in Azure using Microsoft Entra ID authentication (Preview)
- Add or remove Azure role assignments using the Azure portal
- Azure PowerShell Documentation
- az vm list
- az vm extension list
- az vm show
- az vm extension set
- assignment