Unit 10: Configure Microsoft Entra User Authentication for Virtual Machines
Organizations can use Microsoft Entra ID for authentication directly to Windows and Linux VMs in Azure.
Supported:
- Windows Server 2019 Datacenter and later.
- Windows 10 1809 and later.
- Windows 11.
- Linux virtual machines (supported distros).
Benefits:
- Use Entra credentials to sign in to VMs.
- Reduce reliance on local admin accounts.
- Apply Entra password policies (complexity, lifetime).
- Use Conditional Access for VM access (e.g., require MFA, risky user checks).
Configure Microsoft Entra Sign-In for Windows VMs
To enable Entra sign-in:
- Enable Login with Microsoft Entra ID on the VM in Azure.
- Configure Azure role assignments to grant users permission to sign in to the VM.
This is done in the VM configuration in the Azure portal.
Configure Microsoft Entra Sign-In for Linux VMs
Example for Ubuntu Server 18.04 LTS:
- Sign in to the Azure portal with permissions to create VMs.
- Select Create a resource and choose Ubuntu Server 18.04 LTS.
- On the Management tab:
  - Check Login with Microsoft Entra ID.
  - Ensure System assigned managed identity is checked.
- Complete the rest of the VM configuration and deployment.
Entra ID can then be used to control access and apply policies to Linux VMs as well.
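The prerequisites from both walkthroughs (login extension enabled, system-assigned managed identity, a login role assignment) can be checked from exported Azure CLI JSON. This is an added example, not part of the original unit; the extension names, role names and JSON field names are the ones Azure uses but are not stated on this page, and all sample data is constructed.

```python
# Added example: audit exported VM data for the Entra sign-in prerequisites.
# Assumption: inputs are parsed JSON from `az vm show`, `az vm extension list`
# and `az role assignment list --scope <vm-id>`. Sample values are constructed.

LOGIN_EXTENSIONS = {"windows": "AADLoginForWindows", "linux": "AADSSHLoginForLinux"}
LOGIN_ROLES = {"Virtual Machine Administrator Login", "Virtual Machine User Login"}


def audit_entra_login(vm, extensions, role_assignments):
    """Return a list of findings; an empty list means the prerequisites are met."""
    findings = []
    os_type = vm["storageProfile"]["osDisk"]["osType"].lower()
    wanted = LOGIN_EXTENSIONS[os_type]

    # Step 1: "Login with Microsoft Entra ID" installs the login VM extension.
    installed = {e.get("typePropertiesType") or e.get("name") for e in extensions
                 if e.get("provisioningState") == "Succeeded"}
    if wanted not in installed:
        findings.append(f"login extension {wanted} not installed")

    # The Linux walkthrough calls this out; the Windows extension depends on it too.
    identity_type = (vm.get("identity") or {}).get("type", "")
    if "SystemAssigned" not in identity_type:
        findings.append("system-assigned managed identity not enabled")

    # Step 2: without a login role assignment nobody can sign in with Entra ID.
    logins = [r for r in role_assignments if r.get("roleDefinitionName") in LOGIN_ROLES]
    if not logins:
        findings.append("no VM login role assignment at this scope")
    return findings


# Constructed sample: a Linux VM with the extension but no identity or login role.
SAMPLE_VM = {"name": "vm-example", "identity": None,
             "storageProfile": {"osDisk": {"osType": "Linux"}}}
SAMPLE_EXTENSIONS = [{"name": "AADSSHLoginForLinux",
                      "typePropertiesType": "AADSSHLoginForLinux",
                      "provisioningState": "Succeeded"}]
SAMPLE_ROLES = [{"roleDefinitionName": "Reader", "principalName": "alice@example.com"}]

if __name__ == "__main__":
    for finding in audit_entra_login(SAMPLE_VM, SAMPLE_EXTENSIONS, SAMPLE_ROLES):
        print("FINDING:", finding)
```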
Licences:
Smart lockout customization (threshold and duration) requires Microsoft Entra ID Premium P1 or higher.