Granting Azure Arc Managed Identity access to Azure Data Explorer cluster/DB

Isabella de Leon 0 Reputation points Microsoft Employee
2024-06-04T21:47:47.31+00:00

I'd like to allow an Azure Arc managed identity access to a few Azure Data Explorer DBs.

It looks like this is possible for regular managed identities - you can grant access to a managed identity's object id.

It doesn't look like Azure Arc machines have an object id, so I'm not sure how to proceed. Any pointers here?


1 answer

  1. Alan La Pietra (CSA) 80 Reputation points Microsoft Employee
    2024-07-01T08:23:14.4633333+00:00

    Hello! To grant an Azure Arc-enabled machine access to an Azure Data Explorer cluster or database, you can use a managed identity. However, you are correct that Azure Arc-enabled machines do not have an object ID like regular managed identities. Instead, you can use the Azure Arc-enabled machine's service principal name (SPN) to grant access.

    Here are the general steps to grant an Azure Arc-enabled machine access to an Azure Data Explorer cluster or database:

    1. Create a managed identity for the Azure Arc-enabled machine, if you haven't already done so.
    2. Get the SPN for the Azure Arc-enabled machine. You can find this in the Azure portal or by using the Azure CLI or PowerShell.
    3. Grant the SPN access to the Azure Data Explorer cluster or database. You can do this by adding the SPN to an Azure Active Directory (AAD) security group that has been granted access to the cluster or database, or by granting the SPN access directly.

    Here's an example of how to grant an SPN access to an Azure Data Explorer database using the Azure portal:

    1. In the Azure portal, navigate to the Azure Data Explorer database that you want to grant access to.
    2. Click on the "Access control (IAM)" tab.
    3. Click on the "+ Add" button and select "Add role assignment".
    4. In the "Add role assignment" pane, select the role that you want to grant (e.g., "Data Reader" or "Data Contributor").
    5. In the "Assign access to" section, select "Azure AD user, group, or service principal".
    6. In the "Select" field, enter the SPN for the Azure Arc-enabled machine.
    7. Click on the "Save" button to grant access.

    I hope this helps! Let me know if you have any further questions.

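The same grant expressed as Azure Data Explorer management commands, added here as an example and not part of the answer above. `MyDatabase`, the application (client) ID and the tenant ID are placeholders; the `aadapp=` principal form is the one ADX uses for application and managed-identity principals, and the `viewers` role is chosen as the least-privilege starting point rather than `admins`.

```kusto
// Grant the identity read-only access to one database (least privilege:
// prefer the viewers role over admins unless write or admin rights are required).
// Placeholders: replace the database name, application (client) ID and tenant ID.
.add database MyDatabase viewers ('aadapp=00000000-0000-0000-0000-000000000000;11111111-1111-1111-1111-111111111111') 'Azure Arc machine identity'

// Verify the assignment: the new principal should appear with Role = Database Viewer.
.show database MyDatabase principals
| where PrincipalType == "AAD Application"
| project Role, PrincipalDisplayName, PrincipalFQN

// Revoke the grant when the machine no longer needs it.
.drop database MyDatabase viewers ('aadapp=00000000-0000-0000-0000-000000000000;11111111-1111-1111-1111-111111111111')
```

Run these from the ADX web UI or Kusto Explorer as a database admin; the `.show database ... principals` output is the check worth keeping in a periodic access review.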