Providing Students access to centrally provided Azure Resources when they do not have Azure Subscription credentials
Using Azure Managed Service Identity (MSI) to provide students access to Azure Resources
To learn how to use managed identities to access different Azure resources, try these tutorials.
Learn how to use a managed identity with a Windows VM:
- Access Azure Data Lake Store
- Access Azure Resource Manager
- Access Azure SQL
- Access Azure Storage by using an access key
- Access Azure Storage by using shared access signatures
- Access a non-Azure AD resource with Azure Key Vault
Learn how to use a managed identity with a Linux VM:
- Access Azure Data Lake Store
- Access Azure Resource Manager
- Access Azure Storage by using an access key
- Access Azure Storage by using shared access signatures
- Access a non-Azure AD resource with Azure Key Vault
Learn how to use a managed identity with other Azure services:
- Azure App Service
- Azure Functions
- Azure Logic Apps
- Azure Service Bus
- Azure Event Hubs
- Azure API Management
- Azure Container Instances
Using MSI for providing student access to Azure ML Workspace from a dedicated Data Science Virtual Machines
Typically courses provide a fixed pool of resources for students to utilise.
Pooled Resources
Many academics are providing Azure Data Science VM (DSVM) for the class.
Using Managed Services Identity
When you create the VM with a MSI and give it permission to the resource group where you have the Azure ML Workspace. In this scenario any local user on the DSVM (students in the lab) can access the Azure ML Workspace without having a dedicated Azure subscription credentials.
The Students simply need to authenticate to the Virtual Machine (using local auth/AD/Shibboleth).
Below is the sample code to do add Managed Service Identity to create or attach to a Azure ML Workspace with the change from usual highlighted.
Please note, MSI is a general Azure feature and not specific to DSVM as can be seen in the examples above so you can use MSI to provide students access to centrally provided resources..
Ref: /en-us/azure/active-directory/managed-identities-azure-resources/overview