Azure Resource Manager Template: Storing Passwords for VM Deployment

Create a Secure Password Storage Solution for Azure Resource Manager Templates

Question

You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.

You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.

What should you create to store the password?

Answers

Explanations


A. B. C. D.

C

You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore, the password is never put in plain text in the template parameter file.

https://azure.microsoft.com/en-us/resources/templates/101-vm-secure-password/

The best option to store the administrative password in a secure way is to use an Azure Key Vault and an access policy.

An Azure Key Vault is a service that allows you to store and manage cryptographic keys, secrets, and certificates securely. It helps safeguard cryptographic keys and secrets used by cloud applications and services. Access to Key Vault is controlled by using Azure AD identities, access policies, and firewalls.

To store the administrative password in a Key Vault, you can create a secret in the Key Vault, and then reference it in the template. The secret value will be encrypted and stored securely in the Key Vault. The access policy can be used to control who can access the secret in the Key Vault.
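As an added example (not part of the original page or of Microsoft's template), the Python check below compares a constructed parameter file that carries the password inline with one that uses a Key Vault `reference`, and flags any `securestring` parameter supplied as a literal value. The parameter names, vault resource ID and secret name are placeholders chosen for illustration.

```python
import json

SECURE_TYPES = {"securestring", "secureobject"}
VAULT_MARKER = "/providers/microsoft.keyvault/vaults/"

# Constructed template fragment: only the parameter declarations matter here.
TEMPLATE = json.loads("""
{"parameters": {"adminUsername": {"type": "string"},
                "adminPassword": {"type": "securestring"}}}
""")

# Constructed parameter file with the password inline (the state to avoid).
PLAINTEXT_PARAMS = json.loads("""
{"parameters": {"adminUsername": {"value": "azureuser"},
                "adminPassword": {"value": "<password-in-plain-text>"}}}
""")

# Constructed parameter file that points at a Key Vault secret instead.
# Subscription, resource group, vault and secret names are placeholders.
KEYVAULT_PARAMS = json.loads("""
{"parameters": {
  "adminUsername": {"value": "azureuser"},
  "adminPassword": {"reference": {
    "keyVault": {"id": "/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.KeyVault/vaults/<vault-name>"},
    "secretName": "<secret-name>"}}}}
""")

def check_secure_parameters(template, params):
    """Return {name: problem} for secure parameters not backed by Key Vault."""
    problems = {}
    supplied = params.get("parameters", {})
    for name, decl in template.get("parameters", {}).items():
        if decl.get("type", "").lower() not in SECURE_TYPES or name not in supplied:
            continue  # not a secret, or not supplied by this parameter file
        entry = supplied[name]
        ref = entry.get("reference")
        if "value" in entry:
            problems[name] = "literal value in parameter file"
        elif not isinstance(ref, dict):
            problems[name] = "no Key Vault reference"
        elif VAULT_MARKER not in ref.get("keyVault", {}).get("id", "").lower():
            problems[name] = "reference is not a Key Vault resource ID"
        elif not ref.get("secretName"):
            problems[name] = "reference has no secretName"
    return problems

if __name__ == "__main__":
    for label, p in (("plaintext", PLAINTEXT_PARAMS), ("key vault", KEYVAULT_PARAMS)):
        print(label, check_secure_parameters(TEMPLATE, p))
```

For the reference to resolve at deployment time, the vault itself must have `enabledForTemplateDeployment` set to `true`.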

Azure AD Identity Protection and Azure policies (option A) are not applicable in this scenario, as they are used for securing user identities and enforcing governance policies, respectively.

A Recovery Services vault and backup policy (option B) are used for backup and disaster recovery scenarios, and are not applicable for storing passwords.

An Azure Storage account and access policy (option D) can be used to store data, but they do not store passwords or secrets in a secure way.

Therefore, the correct option is C, an Azure Key Vault and an access policy.