Ensure that your Microsoft Azure virtual machines (VMs) are configured to use Azure Active Directory (AAD) credentials for secure SSH/RDP access. Once enabled, you can use your corporate Active Directory credentials to log in to your virtual machines, enforce Multi-Factor Authentication (MFA), or enable access via RBAC roles.
When you use Azure Active Directory (AAD) authentication for virtual machines, you can create and enforce policies that allow or deny access to your VMs from one central location, which simplifies access permission management. For example, you can revoke SSH access to your VMs when an employee leaves your organization simply by disabling their Active Directory account. Other important benefits of using AAD authentication to log in to your Azure virtual machines are:
- Eliminating the need to create and manage local administrator accounts. The only access credentials required will be your Active Directory credentials (i.e. Single Sign-On authentication).
- Using the password complexity and password lifetime policies created for your Azure Active Directory (AAD) to help secure your virtual machines.
- Further reducing your dependence on local administrator accounts, so you no longer have to worry about credential loss or theft, or about users who configure weak, non-compliant credentials.
- Using Role-Based Access Control (RBAC) policies to determine who can log in to your Azure VMs.
- Allowing Multi-Factor Authentication (MFA) to be enabled for an additional layer of protection during VM login.
To determine if your Microsoft Azure virtual machines are configured to use AAD authentication, perform the following actions:
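As an added example (not part of this knowledge base article), the check below inspects a VM inventory for the Azure AD login extensions, which Azure installs under the publisher Microsoft.Azure.ActiveDirectory as AADSSHLoginForLinux (Linux, current), AADLoginForLinux (Linux, preview-era) and AADLoginForWindows (Windows). The record layout (osType plus a resources list with publisher, type and provisioningState) is a constructed simplification of what the Azure CLI reports, not its exact schema, and the sample VMs are constructed.

```python
"""Audit a constructed Azure VM inventory for Azure AD login extensions."""
from typing import Dict, List

# Publisher and extension names used by Azure AD login for VMs.
AAD_PUBLISHER = "Microsoft.Azure.ActiveDirectory"
EXPECTED = {
    "Linux": {"AADSSHLoginForLinux"},   # current Linux extension
    "Windows": {"AADLoginForWindows"},  # Windows extension
}
LEGACY_LINUX = "AADLoginForLinux"  # preview-era extension, superseded


def aad_login_status(vm: Dict) -> str:
    """Return 'ok', 'legacy', 'not_provisioned' or 'missing' for one VM record."""
    os_type = vm["storageProfile"]["osDisk"]["osType"]
    wanted = EXPECTED[os_type]
    for ext in vm.get("resources", []):
        if ext.get("publisher") != AAD_PUBLISHER:
            continue  # unrelated extension (monitoring agent, etc.)
        if ext["type"] in wanted:
            # Installed but not yet provisioned still means no AAD login works.
            return "ok" if ext.get("provisioningState") == "Succeeded" else "not_provisioned"
        if os_type == "Linux" and ext["type"] == LEGACY_LINUX:
            return "legacy"  # works, but should be migrated to the current extension
    return "missing"


def audit(vms: List[Dict]) -> List[str]:
    """Return one finding line per VM that does not pass the check."""
    findings = []
    for vm in vms:
        status = aad_login_status(vm)
        if status != "ok":
            findings.append(f"{vm['name']}: Azure AD login {status}")
    return findings


SAMPLE_VMS = [  # constructed sample inventory, not real resources
    {"name": "lnx-web-01", "storageProfile": {"osDisk": {"osType": "Linux"}},
     "resources": [{"publisher": AAD_PUBLISHER, "type": "AADSSHLoginForLinux",
                    "provisioningState": "Succeeded"}]},
    {"name": "win-app-01", "storageProfile": {"osDisk": {"osType": "Windows"}},
     "resources": [{"publisher": "Microsoft.Azure.Monitor", "type": "AzureMonitorWindowsAgent",
                    "provisioningState": "Succeeded"}]},
    {"name": "lnx-legacy-02", "storageProfile": {"osDisk": {"osType": "Linux"}},
     "resources": [{"publisher": AAD_PUBLISHER, "type": LEGACY_LINUX,
                    "provisioningState": "Succeeded"}]},
]

if __name__ == "__main__":
    for line in audit(SAMPLE_VMS):
        print(line)
```

A VM reported as "missing" or "legacy" is a candidate for the remediation below; "not_provisioned" usually means the extension deployment failed and should be investigated before relying on AAD login.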
Remediation / Resolution
To enable Azure Active Directory (AAD) authentication for existing virtual machines (VMs), perform the following actions:
- Azure Official Documentation
- Preview: Log in to a Linux virtual machine in Azure using Azure Active Directory authentication
- Sign in to Windows virtual machine in Azure using Azure Active Directory authentication (Preview)
- Add or remove Azure role assignments using the Azure portal
Rule audited: Enable Virtual Machine Access using Active Directory Authentication
Risk level: Medium