Ensure that your Microsoft Azure Search Service instances have system-assigned managed identities enabled in order to allow secure application access to other Azure resources such as storage accounts and key vaults.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
A system-assigned managed identity enables Search Service instances to authenticate to other cloud services without storing credentials in code. Once the identity is enabled, all the necessary permissions can be granted via Azure Role-Based Access Control (RBAC). With system-assigned managed identities you no longer have to secure and manage access credentials, as these are handled automatically by Microsoft Azure. A Search Service instance can have only one system-assigned managed identity.
To determine if your Azure Search Service instances are configured to use system-assigned managed identities, perform the following actions:
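One way to script this check, as an added example that is not Cloud Conformity's own audit procedure: the script below reads the JSON array printed by `az search service list -g <group> -o json` and flags every service whose `identity.type` does not include `SystemAssigned`. The service names and the script file name are constructed, and the `identity.type` shape (including the combined comma-separated form) is assumed to follow the usual Azure Resource Manager convention.

```python
"""Audit Azure Search Service instances for a system-assigned managed identity.

Input: the JSON array printed by `az search service list -g <group> -o json`.
"""
import json
import sys

# Constructed sample shaped like the CLI output (service names are made up).
SAMPLE = json.dumps([
    {"name": "search-prod", "identity": {"type": "SystemAssigned"}},
    {"name": "search-dev", "identity": None},            # identity never configured
    {"name": "search-test", "identity": {"type": "None"}},  # identity explicitly off
    {"name": "search-mixed", "identity": {"type": "SystemAssigned, UserAssigned"}},
    {"name": "search-ua", "identity": {"type": "UserAssigned"}},
])


def has_system_identity(service):
    """True when the service's identity.type includes SystemAssigned."""
    identity = service.get("identity") or {}
    # Assumption: combined identities arrive as one comma-separated string.
    kinds = {k.strip().lower() for k in str(identity.get("type") or "").split(",")}
    return "systemassigned" in kinds


def audit(raw_json):
    """Return (compliant, non_compliant) lists of service names."""
    compliant, non_compliant = [], []
    for svc in json.loads(raw_json):
        bucket = compliant if has_system_identity(svc) else non_compliant
        bucket.append(svc["name"])
    return compliant, non_compliant


if __name__ == "__main__":
    # Use piped CLI output when present, otherwise the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    ok, missing = audit(data)
    for name in missing:
        print(f"NON-COMPLIANT {name}: no system-assigned managed identity")
    print(f"{len(ok)} compliant, {len(missing)} non-compliant")
    sys.exit(1 if missing else 0)
```

Run it as `az search service list -g <group> -o json | python audit_search_identity.py`; the non-zero exit status on any non-compliant service makes it usable as a pipeline gate.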
Remediation / Resolution
To enhance the authentication security and enable system-assigned managed identities for your Microsoft Azure Search Service instances, perform the following actions:
Enable System-Assigned Managed Identities
Risk level: Medium