Ensure that your Azure API Management service instances are using user-assigned managed identities for fine-grained control over access permissions.
In Azure cloud, user-assigned identities support a broader range of roles than just "Read-Only", "Contributor", and "Owner". Azure API Management services should therefore use user-assigned managed identities to provide granular control over access permissions, enable integration with existing identity systems, and support specific application requirements. User-assigned managed identities also offer flexibility in managing identities and access control for Azure API Management service instances, so that access can be customized to individual needs.
Audit
To determine if your Azure API Management services are configured to use user-assigned managed identities, perform the following actions:
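One way to script this check, as an added example that is not part of the original page: it classifies API Management instances from the JSON that `az apim list --output json` returns. The `identity.type` and `identity.userAssignedIdentities` field names are assumed to follow the Azure Resource Manager identity block, and the instance names and resource IDs in the sample are constructed.

```python
import json
import sys

# Constructed sample shaped like `az apim list --output json` output.
# Names, resource groups and identity resource IDs are made up.
UAI = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
       "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-apim")
SAMPLE = [
    {"name": "apim-none", "resourceGroup": "rg-demo", "identity": None},
    {"name": "apim-system", "resourceGroup": "rg-demo",
     "identity": {"type": "SystemAssigned", "userAssignedIdentities": None}},
    {"name": "apim-user", "resourceGroup": "rg-demo",
     "identity": {"type": "UserAssigned", "userAssignedIdentities": {UAI: {}}}},
    {"name": "apim-both", "resourceGroup": "rg-demo",
     "identity": {"type": "SystemAssigned, UserAssigned",
                  "userAssignedIdentities": {UAI: {}}}},
]


def user_assigned_ids(instance):
    """Return the resource IDs of user-assigned identities attached to one instance."""
    identity = instance.get("identity") or {}
    # The type is a comma-separated string, e.g. "SystemAssigned, UserAssigned".
    kinds = {k.strip().lower() for k in (identity.get("type") or "").split(",")}
    if "userassigned" not in kinds:
        return []
    return sorted((identity.get("userAssignedIdentities") or {}).keys())


def audit(instances):
    """Map each instance name to 'compliant' or 'non-compliant'.

    An instance is compliant only if its identity type includes UserAssigned
    and at least one user-assigned identity is actually attached.
    """
    return {i["name"]: "compliant" if user_assigned_ids(i) else "non-compliant"
            for i in instances}


if __name__ == "__main__":
    # Pass a file holding saved `az apim list --output json` output, or use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for name, verdict in audit(data).items():
        print(f"{name}: {verdict}")
```

Instances reported as non-compliant have either no managed identity or only a system-assigned one.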
Remediation / Resolution
To ensure that your Azure API Management service instances are configured to use user-assigned managed identities, perform the following actions:
References
- Azure Official Documentation
  - What are managed identities for Azure resources?
  - Use managed identities in Azure API Management
  - Authenticate with managed identity
- Azure CLI and PowerShell Documentation
  - az apim list
  - az apim show
  - Get-AzApiManagement
  - New-AzUserAssignedIdentity
  - Set-AzApiManagement
You are auditing:
Use User-Assigned Managed Identities for Azure API Management Services
Risk Level: Medium