Log into your Linux VMs with Azure AD
OMG is this awesome. Microsoft has now added support to log into your Linux VMs in Azure using Azure Active Directory.
Think of the possibilities. You can centrally control and enforce policies that allow or deny access to VMs. By using the identity backplane of Azure, you manage access control where it should be... in Azure AD.
Why is that important? Well, now admins log in with the same credentials that already get stronger auditing and policy enforcement. There is no longer a need for local admin accounts on the Linux servers. You get Azure's two-factor authentication without having to roll out a third-party PAM-RADIUS module, and admins keep a workflow close to what they are used to.
My favorite part is that it means we get away from having to scrub SSH keys from people who leave. I've heard horror stories of people who left the company only to still have full privileges on the Linux VMs, which they could use as a pivot point to the backend, because their SSH keys were still present and valid.
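Before cutting over to Azure AD logins it helps to know which SSH keys are still lying around. The Python script below is an added example, not code from the original post or from Microsoft: it parses an authorized_keys file (including the quoted options field), fingerprints each key the way OpenSSH does, and flags any key that is not in an inventory of current staff; the sample file, key material and inventory are all constructed for the demo.

```python
import base64
import hashlib
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting this way has no options field

def fingerprint(blob):  # OpenSSH-style SHA256 fingerprint of a raw public-key blob
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def _split_options(line):  # options end at the first space outside double quotes
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            in_quote = not in_quote
        elif ch == " " and not in_quote:
            return line[:i], line[i + 1:].lstrip()
    return line, ""

def parse_authorized_keys(text):  # -> list of dicts: line, type, fingerprint, comment, options
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        options = ""
        if not line.startswith(KEY_TYPE_PREFIXES):
            options, line = _split_options(line)
        parts = line.split(None, 2)
        if len(parts) < 2:
            raise ValueError(f"line {lineno}: not a key entry")
        key_type, blob = parts[0], base64.b64decode(parts[1], validate=True)
        n = int.from_bytes(blob[:4], "big")  # first SSH string in the blob is the algorithm name
        if blob[4:4 + n] != key_type.encode():
            raise ValueError(f"line {lineno}: declared type {key_type} does not match key blob")
        entries.append({"line": lineno, "type": key_type, "fingerprint": fingerprint(blob),
                        "comment": parts[2] if len(parts) == 3 else "", "options": options})
    return entries

def find_unapproved(entries, approved):  # keys missing from the current-staff inventory
    return [e for e in entries if e["fingerprint"] not in approved]

def _blob(key_type, pub):  # SSH wire encoding: length-prefixed strings
    return b"".join(len(s).to_bytes(4, "big") + s for s in (key_type, pub))

# Constructed sample data (not real keys): one approved deploy key, one left by a departed user.
KEY_A, KEY_B = _blob(b"ssh-ed25519", bytes(range(32))), _blob(b"ssh-ed25519", bytes(range(32, 64)))
SAMPLE_AUTHORIZED_KEYS = ("# constructed sample authorized_keys\n"
    f'command="/usr/bin/rsync --server",no-pty ssh-ed25519 {base64.b64encode(KEY_A).decode()} jdoe@laptop\n\n'
    f"ssh-ed25519 {base64.b64encode(KEY_B).decode()} former-employee@oldhost\n")
APPROVED_FINGERPRINTS = {fingerprint(KEY_A)}  # constructed inventory of keys belonging to current staff

if __name__ == "__main__":
    for e in find_unapproved(parse_authorized_keys(SAMPLE_AUTHORIZED_KEYS), APPROVED_FINGERPRINTS):
        print(f"line {e['line']}: {e['type']} {e['fingerprint']} ({e['comment']}) not in inventory")
```

Point it at each user's `~/.ssh/authorized_keys` and compare against fingerprints exported from your key inventory to see exactly which keys the Azure AD cutover lets you delete.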
Anyways, it's time to give this a try. You can follow the guidance on how to set this up on your Azure Linux VMs here.