Configure Managed Identity for VM1 | AZ-104 Exam Question Solution | Microsoft Azure Administrator

Configure Managed Identity for VM1

Question

You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.

VM1 runs services that will be used to deploy resources to RG1.

You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.

What should you do first?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

A

Managed identities for Azure resources provides Azure services with an automatically managed identity in Azure Active Directory. You can use this identity to authenticate to any service that supports Azure AD authentication, without having credentials in your code.

You can enable and disable the system-assigned managed identity for VM using the Azure portal.

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm

To allow a service running on VM1 to manage resources in RG1 by using the identity of VM1, you need to enable managed identity for VM1 and assign the necessary permissions to the managed identity.

Option A: From the Azure portal, modify the Managed Identity settings of VM1 This option is the correct approach. You can enable managed identity for VM1 from the Azure portal by following these steps:

  1. Navigate to the Virtual Machines page in the Azure portal and select the VM1 instance.
  2. Under Settings, select Identity and then enable the System Assigned managed identity.
  3. After enabling the managed identity, grant the necessary permissions to the managed identity to manage resources in RG1.

Option B: From the Azure portal, modify the Access control (IAM) settings of RG1 This option is not the correct approach since it will only allow a user or service principal to manage resources in RG1, and not the identity of VM1.

Option C: From the Azure portal, modify the Access control (IAM) settings of VM1 This option is also not the correct approach since it will only allow a user or service principal to manage resources in VM1, and not the resources in RG1.

Option D: From the Azure portal, modify the Policies settings of RG1 This option is not the correct approach since policies are used to enforce rules and actions across resources in Azure, and do not relate to granting permissions to a managed identity to manage resources in RG1.

In summary, to allow a service running on VM1 to manage resources in RG1 by using the identity of VM1, you should enable managed identity for VM1 and grant the necessary permissions to the managed identity.