How to grant Azure Managed Identity access to local file system inside VM?

Question

How to grant Azure Managed Identity access to local file system inside VM?

cb1979 0

I'm scrambling to try setting up Azure Automation to use managed identities since Microsoft effectively disabled my run as account well ahead of the retirement date by disabling the renewal of certificates.

I'm trying to run Powershell scripts within a VM and need to grant the managed identity priliveges on the local file system, but all of the documentation for managed identities focuses on granting access to Azure services.

I'm assuming I'll need to grant permissions (Modify, Read & execute/ etc.) to specific folders in the Windows file system to some AD account, but I can't find any walkthroughs how this all works.

KarishmaTiwari-MSFT 20,767 Reputation points Microsoft Employee Moderator

2023-07-06T01:02:13.6733333+00:00

@cb1979 Checking in to see if the answer below helped.

If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

If the answer below has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

Thank you for helping to improve Microsoft Q&A!

1 answer

Your answer

KarishmaTiwari-MSFT 20,767 Reputation points Microsoft Employee Moderator

2023-07-06T01:02:13.6733333+00:00

@cb1979 Checking in to see if the answer below helped.

If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

If the answer below has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

Thank you for helping to improve Microsoft Q&A!

Answer 1

Luke Murray 11,436 MVP Volunteer Moderator

Hi,

You can't, you can get the token for the VM inside the VM and use that to authenticate and work with Azure services, but you can't use a Managed Identity to install applications on virtual machines; for that, you will need to leverage a local account.

If you use the Hybrid worker, in Azure Automation, it will run under a System account, otherwise you need to specify the credentials to an account.

cb1979 0 Reputation points

2023-06-28T22:48:55.0033333+00:00

Using run as accounts, the hybrid worker that executes the Powershell scripts through Azure Automation would run the script in the context of the run as account.

Are you saying that with managed identities, the hybrid worker will run the script in the context of the system account?
Luke Murray 11,436 Reputation points MVP Volunteer Moderator

2023-06-28T22:58:13.7+00:00

Just to add to this, you can use the Managed identity of the Azure VM to update/change Azure resources - but not install applications.
Luke Murray 11,436 Reputation points MVP Volunteer Moderator

2023-06-28T22:59:33.38+00:00

Thats correct, System.

Share via

How to grant Azure Managed Identity access to local file system inside VM?

1 answer

Your answer