Accessing Partner VMs

Paramesh Kumar Bada 0 Reputation points
2026-07-08T03:34:39.0633333+00:00

Hi,

How to Secure Access to Multiple Partner-Network VMs from the Corporate Network Using Single Sign-On (SSO), Eliminating Multiple Passwords without compromising security and compliance.

Thank you!!

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
0 comments No comments

1 answer

Sort by: Most helpful
  1. Jerald Felix 16,580 Reputation points Volunteer Moderator
    2026-07-09T17:29:05.7766667+00:00

    Hello Paramesh Kumar Bada,

    Greetings! Thanks for raising this question in Q&A forum.

    The most likely reason is that accessing partner-hosted VMs securely across networks requires centralized identity (SSO) and proper role-based access, otherwise users end up managing separate credentials or facing access issues.

    To securely access partner VMs using SSO and avoid multiple passwords, you can follow these steps:

    Use Microsoft Entra ID for authentication

    • Enable Entra-based login on the partner VMs
    • This allows users to sign in using their corporate identity instead of local VM accounts

    Configure the correct RBAC roles

    • Assign users one of the required roles on each VM:
      • Virtual Machine User Login
      • Virtual Machine Administrator Login
    • Without these roles, users cannot log in even if SSO is configured

    Use Azure Bastion (recommended)

    • Access VMs directly from the Azure portal without exposing public IPs
    • This improves security and simplifies access from corporate networks

    Set up Conditional Access policies

    • Enforce MFA and compliance checks centrally
    • Ensure policies don’t block VM sign-in flows unintentionally

    Validate partner access model

    • If VMs are in partner tenants, ensure proper B2B collaboration / external user setup
    • The partner must grant your users access in their tenant

    Troubleshoot if access still fails

    • Check NSG rules and network connectivity
    • Confirm VM extension for Entra login is installed
    • Verify user role assignment and tenant permissions

    If your organization is trying to standardize access across multiple partner environments, the correct approach is to rely on Entra identity + RBAC + secure access methods like Bastion, instead of managing local passwords.

    If this answer helps you kindly accept the answer which will help others who have similar questions

    Best Regards,

    Jerald Felix.

    Was this answer helpful?

    0 comments No comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.