Hey dears! A quick clarification on the video. For Virtual Machines Managed Identity endpoint is actually running outside of VM and is called IMDS (Azure Instance Metadata service). Old endpoint was located at localhost docs.microsoft.com/en-us/azure/key-vault/secrets/tutorial-net-linux-virtual-machine?WT.mc_id=AZ-MVP-5003556 but it was deprated in January 2019. This endpoint is only accessible from within a VM though. My bad here on putting it inside of VM box, it was supposed to be logical not physical boundary. But I was pointed out I said running locally during the video. Thanks Gregory S. for pointing this out.

I am a beginner of Azure from Hong Kong, I have been finding a video like this one for a long time, it's straight to the point, within 30 mins you resolved all my questions already. Thank you so much Adam. Plesae keep up your good work.

I try to watch other channels, but Adam's way of teaching is unique, is so much cool the way and the time he spends doing such great material. It's incomparable

Not only that your videos are very practical, I really like how you explain various concepts, in this case, how you compared three authentication methods in such a clear way. Splendid work, as always, Adam :)

@AdamMarczakYT

4 жыл бұрын

Awesome! Thanks David, I appreciate it 😊

Oh man, I learned more in 30 minutes from this than in 3 weeks of trying to navigate the Azure docs. Great explanations and demos! ❤

I LOVE the diagrams. Those aid my understanding greatly! Also, the simplicity and clarity of your thoughts is priceless.

@AdamMarczakYT

3 жыл бұрын

Glad it was helpful Joe!

Adam, I must say you have a super brain to explain such complex Azure feature within just 30 mins and plenty of demos and scenarios. Great work again... Please keep it up... Hope you and your family is safe in whichever geography you live in during current COVID-19 pandemic. Thanks buddy. Love your Azure videos.

@AdamMarczakYT

4 жыл бұрын

Wow, thanks! You too, stay safe! :)

@candycandelaria5699

3 жыл бұрын

I agree, For a 30mins Video Tutorial like this definitely a "Super Brain"

Thanks for the amazing tutorial, Adam. I like the fact that you cover the concepts along with practicals and its hugely helps the learners,

@AdamMarczakYT

3 жыл бұрын

You're very welcome!

A big thank you Adam for your detailed explanation and demonstration of Managed Identity, better than any other videos on KZread!

@AdamMarczakYT

2 жыл бұрын

Glad it was helpful!

Amazing! I was searching how Azure key vault working with ADF and your video explained it all and more. Thank you!

I was searching for local development settings and Managed Identity a couple of months ago. This is awesome. Thank you Adam 💙

Thanks Adam for explaining Managed Identity with Practical examples. That really helps.

@adam Marczak -- This is the comprehensive lesson of managed identity, you have touched all the topics that I need clarifications with. Wonderful lesson, and thanks for all you have done!!

As always, great video Adam. Thanks for bringing such marvelous videos week after week.

@AdamMarczakYT

4 жыл бұрын

My pleasure. It's hard but at the same time it's very satisfying seeing comments like this. Thanks!

While there's been upgrade in the Key Vault permissions since this video, much of it still makes perfect sense. This was a good overview, Adam! indeed it helped better understand it. Thank you so much.

Top class explanation. Easy to understand if you are just getting started with Azure🌟

Your videos are amazing! You explain everything so clear. In my view that means you have a prefect understanding of what you are doing. Great!!!!

Hi Adam, I saw many of your videos, thanks for putting great efforts on your videos, each videos provided very good understanding of azure service along with practical knowledge, I learned a lot from these.

@AdamMarczakYT

2 жыл бұрын

Great to hear that mate :)

Great video Adam, thanks for all the effort that goes into it.

HI Adam, explanation is very good , short and clean. Hoping i will go through remaining all your videos.

@AdamMarczakYT

3 жыл бұрын

Glad you like them!

Your presentation and animation is the best i have seen.

A great way to present this information. I will surely become a fan of your channel quickly. Thanks again for the great video.

Thanks for the amazing tutorial, Adam. I like your videos that you cover az-900 and Active Directory. Your teaching methods are excellent to understand how the services are working on azure. I like all your videos. Please create a more videos on AZ-104..

Best video on Managed Identities!

@AdamMarczakYT

2 жыл бұрын

Thanks!! :D

Wow Adam!! This is really very helpful!! Thanks a lot for this amazing video 😊

Loved the tutorial. Great clarity.

Excellent and pedagogical video - many thanks!

Thanks Adam for sharing the detailed explanation, very helpful.

@AdamMarczakYT

3 жыл бұрын

My pleasure!

Such a great content. You have used every second effectively. Thank you 😊

@AdamMarczakYT

3 жыл бұрын

Happy to hear that!

Very well explained. It will clear the conception of azure identity.

Great Video as always! Thanks a lot Man

Amazing work, Thank you, Adam!

@AdamMarczakYT

3 жыл бұрын

My pleasure!

Nailed it , awesome explanation as usual.. keep going !!!

@AdamMarczakYT

4 жыл бұрын

Always! Thank you kindly :)

Hi Adam, thanks so much for the video. Could you advise if it is necessary to use managed identity with key vault, or does managed identity render key vault useless within the same architecture? Thanks!

Great Tutorial Adam. Thanks for the videos.

@AdamMarczakYT

4 жыл бұрын

Glad you like them!

Great video. You make learning Azure fun!

@AdamMarczakYT

3 жыл бұрын

Glad you think so!

that was very helpful. Thank you very much!

Thanks Adam, great job on your videos!

@AdamMarczakYT

4 жыл бұрын

Thank you Michell, I appreciate it :)

very cool explanation! thanks!

Thanks Adam. Awesome video. Clearly explained.

@AdamMarczakYT

3 жыл бұрын

My pleasure!

Thanks a lot for all your amazing videos.

@AdamMarczakYT

2 жыл бұрын

Glad you like them!

I am kind of loving your videos a lot. Every time I want to learn some Azure topic, I just hope you would have one already created on that topic :) Great work. Love your simplicity. Just a suggestion - From next time if you can show the demo using GUI (like creating a project, downloading Microsoft packages, etc.) that would be a great help for someone who doesn't have programming knowledge. Thanks a lot again!

@AdamMarczakYT

3 жыл бұрын

Great suggestion! Thanks for watching!

thank you.. very nice videos, helped me a lot with AZ900.

Hey Adam, nice explanation and to the point. One question, can we add identity object id at key level?

Great Tutorial! Thank you!

@AdamMarczakYT

4 жыл бұрын

Awesome! Cheers :)

as always it was great explanation, thanks for sharing

@AdamMarczakYT

3 жыл бұрын

My pleasure!

Did I say this guy is awesome? - Your videos are helpful, thank you.

@AdamMarczakYT

3 жыл бұрын

You are very kind! Thank you :)

Good explanation !

Great job Adam. Thanks

@AdamMarczakYT

3 жыл бұрын

My pleasure!

really so informative

Thank you, Sir!!

I love this feature!

@AdamMarczakYT

4 жыл бұрын

Me too! :) It's just so much simpler to do auth with it.

U r the man!!.. this is what i was looking for

@AdamMarczakYT

4 жыл бұрын

I hope you meant "man" :D Thanks!

I'm watching it a year later -> still good ;-) THX

Best video for Azure.

@AdamMarczakYT

3 жыл бұрын

Thank you mate ;)

Hello Adam, I have a question. For example, let's say I have a Console application that runs on premise under a service account. Can I create the service account in Azure and assign managed identity to it? Then connect to key vault using that service account from on prem?

liked the video before watching it !!! Brother, you have my respect \,\,

@AdamMarczakYT

4 жыл бұрын

I appreciate that! That is a big trust and I hope it pays off! Thanks again!

Adam, its a great work. Can anyone help me regarding this doubt. My doubt is can we use managed identity with notification hub.

Hi Adam, I tried following you on logic apps to perform https request and datafactory connections. however those options are not in azure anymore. hope you tell us why? I'm assuming they automate it already or changed its name?

Hey Adam, Really I enjoy your every video. I think that your 30 minutes video are more worthful than Pluralsight / Udemy 3 hrs courses. I have one request , Can you create some video on Docker/ AKS

@AdamMarczakYT

3 жыл бұрын

Wow, thanks! I appreciate that. Container tutorials are a possibility in the future :)

Great tutorial as usual, Adam. Please what do you use for your architectural diagrams?

@AdamMarczakYT

4 жыл бұрын

Just like a true architect I use PowerPoint :D Thanks for watching!

Thsnk Adam! I finally understood!!

@AdamMarczakYT

3 жыл бұрын

Awesome, thanks!

thanks, this is a great video, ur git repo is very useful for study

@AdamMarczakYT

3 жыл бұрын

Glad you think so!

Thanks a lot for the videos !!!

@AdamMarczakYT

3 жыл бұрын

My pleasure!

Is it posible to using Managed identities for Microsoft Flow connectors authentication? For example Connector to O365 Outlook for sending email by Flow or Sharepoint Connector to accessing data in SHP? I have tested "service principal" in Power Automate/Flow, but is not posible for sending email or SHP access(only for other some connectors). Maybe Managed Identity can, but any instruction for Flow.

Great Video! ...again

@AdamMarczakYT

3 жыл бұрын

Thank you! Cheers! :)

Hi Adam.. this was really helpful and very easy to understand! Just obe question from my end - the logic app was able to retrieve the connection to storage account from key vault. Can you please guide me with the step to then connect to the storage account with that connection string and read the file in the storage account?

@AdamMarczakYT

3 жыл бұрын

Hey, check out my Logic Apps tutorial video. It shows how to connect to blob storage from Logic App.

Your content is awesome, I would just like to ask you to add chapters on your videos, it really helps to go back to specific chapters without searching for them manually, your first video had chapters.

@AdamMarczakYT

3 жыл бұрын

That's a good idea! I already have chapters in the new videos once I realized KZread supports these, might go back to update them for previous videos :)

Thanks Adam for wonderfull videos

@AdamMarczakYT

2 жыл бұрын

Glad you like them!

Great Tutorial as always. Please make videos on Azure Networking too.

@AdamMarczakYT

4 жыл бұрын

Thanks, will do!

Excellent.

@AdamMarczakYT

3 жыл бұрын

Thank you! Cheers!

what if I want to use a user assigned managed identity to connect to Azure Databricks workspace? How am I supposed to get the bearer token for the workspace using this MI? I am planning to do it via external methods like python or powershell, but unable to find any resources. Could you please advise?

Nice video Adam, How can we use the managed identities by using logic apps as a target resource Windows defender ATP as this is not the service of Azure. Thanks.

@AdamMarczakYT

3 жыл бұрын

Hi, unfortunately I don't know. I'm not windows defender specialist. I would assume not if it's not protected by Azure AD since managed identities come from azure ad. thanks for watching :)

Hi Adam, great explanation. I would like to know if I could implement security in the same way explained in video where service A is hosted in non Azure environment and Services B is Azure function http trigger .

@ryanshannon6963

2 жыл бұрын

You can utilize Managed Identities and connect to a keyvault (if that's what you choose to do) from an external service trying to access a resource within Azure by utilizing Azure Arc. Azure Arc "registers" external to Azure services/resources and can assign an identity to that, to which then you can use similar to an Azure based resource/service. You will have to run a powershell script (which Azure typically supplies to you) on that external service/resource for Azure to properly register it. An example would be a SQL Server instance running on an EC2 in AWS.

Great tutorial....just need a little more details about...OpenID/MI Endpoint, please if possible provide some links

Very good tutorial! Thanks alot! Do you know a way to secure the storage account automatically created when creating a function app so that it uses managed identity instead of shared access keys?

@AdamMarczakYT

3 жыл бұрын

Good question Robert, unfortunately last time I checked Managed Identity is not yet supported for WebJobs storage github.com/Azure/azure-webjobs-sdk/issues/2366

@robertcarlsson1781

3 жыл бұрын

@@AdamMarczakYT Thanks Adam, there are several issues with the security of the webjob storage account as it doesn't support activating the storage account firewall. The only way to secure the account is to put it in a VNET but then you loose the serverless option as you need to go with premium SKU . Hope they will fix these issues soon.

@AdamMarczakYT

3 жыл бұрын

I hope so too, I love serverless option but it does add a little complexity when it comes to security.

superb explanation pls upload eventgrid with angular application example

@AdamMarczakYT

3 жыл бұрын

interesting idea, noted! Thank you :)

Nice. Can we have one video on the difference between managed identity and service principal?

Agreed! Nailed it man :) thanks

@AdamMarczakYT

3 жыл бұрын

My pleasure Adam!

@adamzachary6947

3 жыл бұрын

@@AdamMarczakYT Thank you again ... We need an in-depth AKS demo :)

watching this video 15 Dec 2022 api-version is still 7.0 On Azure Data Factory, UI was changed. Go to Manage tab of the left panel -> Linked Services. There is no shortcut for the adding access policy, but we added it previously, it's not needed. When add role assignment in storage account, after you chose the role go next to Members, select Assign access to Managed identity and select your subscription, then data factory and your ADF name

Thanks!

So we are investigating implementing a similar azure AD application proxy ...IE initial user authentication and then acting as a reverse proxy to the internal web applications We see this as a requirement to securely allow our employees to access selected internal applications from their own devices from external (internet) So could you assist please with guidance on how this can be achieved? Also how we can enable/implement sms and email?

Keep posting more videos on Azure AD server

@AdamMarczakYT

3 жыл бұрын

More to come!

Nice video Adam, How can we use the managed identities with function app for accessing Storage Account securely? Can you point me in the right direction in this scenario.

@AdamMarczakYT

3 жыл бұрын

Not using bindings yet :( github.com/Azure/azure-functions-host/issues/6423 but you can try this docs.microsoft.com/en-us/samples/azure-samples/functions-storage-managed-identity/using-managed-identity-between-azure-functions-and-azure-storage/?WT.mc_id=AZ-MVP-5003556

@govthamreddy

3 жыл бұрын

@@AdamMarczakYT thanks for the input

Excellent. Thanks. Bharat

@AdamMarczakYT

4 жыл бұрын

Thank you! :)

hi Adam Marczak, Has Microsoft moved the feature "Access Policy" under "Access Control (IAM)" feature to assign System or User Assigned Identity?

@AdamMarczakYT

3 жыл бұрын

You mean for Key Vault? Key Vault now supports two ways to authorize. Either via Access Policies or via Access Control (RBAC roles). RBAC roles are still in preview though. :)

I am running into problems on how to set the Office 365 side after setting up Data Factory, not using key vault, just Service Principal Key with Sharepoint connector. I have not see any blogs or videos on this. I was just wondering if it can be done. Great content and presentation on all your videos. Thanks!

@AdamMarczakYT

3 жыл бұрын

Hey, did you go through MS guide on SharePoint connector? It's available in the documentation, just google it. They explain very nicely what you need to do in terms of permission setup. Thanks for tuning in.

@CoopmanGreg

3 жыл бұрын

@@AdamMarczakYT Thanks Adam, I really appreciate it.

Hi Adam, do you know if there is any way to use managed identities accross different tenants? I have only been able to do this using an App registered for multi-tenant use, it seems managed identites can be used only within a single tenant

@AdamMarczakYT

2 жыл бұрын

Managed Identities are not designed for multi-tenant scenarios. Service Principal /App is currently the only way.

@giacofigueroa

2 жыл бұрын

@@AdamMarczakYT thanks for anwering and for all your amazing videos 😊

in first demo, why do we not to need to get token from azure ad ?

Thank you for covering this usefull feature! Do you know is it possible to connect AppService to a Azure SQL Server via managed identity? Or may be is the Private Endpoint the right way for doing this?

@AdamMarczakYT

4 жыл бұрын

Yes you can :) docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi Although SQL doesn't have firewall exception for managed identity. So in case of firewall protected SQL look additionally at VNet integration.

Would you need a managed identity for ARM so you can to refer to key vault?

@AdamMarczakYT

3 жыл бұрын

It depends on who deploys this. If you deploy this from your account then you need to have KV permissions, if you deploy from VM using Managed Identity then the same principle applies. Read more here docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-use-key-vault?WT.mc_id=AZ-MVP-5003556

Thanks Adam Nice

@AdamMarczakYT

3 жыл бұрын

No problem!

Can this be used with SSRS?

how to copy data from vm to storage account using system managed identities？regularly on daily basis without getting authentication for copying manually.

Hi adam ! I am looking az 204 series from you

hey, Where can I find that script, to run on the the app service , to check the access token

@AdamMarczakYT

3 жыл бұрын

Every video comes with samples available on GitHub. Link to relevant repository is always in the video description :) Thanks for watching!

How do we use User assigned Identities for resources which have Managed Identities by default like ADF?

@AdamMarczakYT

3 жыл бұрын

ADF does not support user assigned identities check this document to check which services do support it docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities#azure-data-factory-v2?WT.mc_id=AZ-MVP-5003556

How can I check whether Managed identity has been used in our web app in Azure? Can you please tell me?

@AdamMarczakYT

2 жыл бұрын

Maybe Azure AD audit logs?

in 7:13 why did you not copy the whole string?

hi how can i leverage the managed identity when my resource is in another tenant and my azure AD is in separate tenant?

@AdamMarczakYT

3 жыл бұрын

Nope, Managed Identities don’t support that. Feel free to check FAQ for official statement docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/known-issues?WT.mc_id=AZ-MVP-5003556