Enable System-Assigned Managed Identities

More Info:

Ensure that your Microsoft Azure virtual machines (VMs) have system-assigned managed identities enabled in order to allow secure virtual machine access to Azure resources such as key vaults and storage accounts.

Risk Level

Medium

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of not having System-Assigned Managed Identities enabled in Azure using Azure CLI, you can follow these steps:

Open Azure CLI and log in to your Azure account using the command:
```
az login
```
Once you are logged in, set the subscription to the one that contains the resource group where the misconfiguration needs to be remediated using the command:
```
az account set --subscription <subscription_id>
```
Identify the resource group where the misconfiguration needs to be remediated using the command:
```
az group list
```
Once you have identified the resource group, enable System-Assigned Managed Identities for the resource group using the command:
```
az identity create --resource-group <resource_group_name> --name <managed_identity_name>
```
Replace <resource_group_name> with the name of the resource group where the misconfiguration needs to be remediated and <managed_identity_name> with the name you want to give to the managed identity.
Once the managed identity is created, assign the managed identity to the Azure resource that needs to access Azure services using the command:
```
az resource update --ids <resource_id> --set identity.type='SystemAssigned'
```
Replace <resource_id> with the ID of the Azure resource that needs to access Azure services.
Verify that the System-Assigned Managed Identity has been enabled by running the command:
```
az resource show --ids <resource_id> --query identity
```
This command should return the identity details of the Azure resource, including the System-Assigned Managed Identity.

By following these steps, you will have successfully remediated the misconfiguration of not having System-Assigned Managed Identities enabled in Azure using Azure CLI.

Using Python

To remediate the misconfiguration “Enable System-Assigned Managed Identities” in Azure using Python, you can follow the below steps:

Install the Azure SDK for Python using the following command:
```
pip install azure
```

Import the required modules in your Python script:

from azure.mgmt.compute import ComputeManagementClient
from azure.identity import DefaultAzureCredential

Set the credentials for authentication using the DefaultAzureCredential class:
```
credential = DefaultAzureCredential()
```
Create an instance of the ComputeManagementClient class using the credentials and the Azure subscription ID:
```
compute_client = ComputeManagementClient(credential, subscription_id)
```
Get the details of the virtual machine that needs to be remediated using the get method of the VirtualMachinesOperations class:
```
vm = compute_client.virtual_machines.get(resource_group_name, vm_name)
```
Enable the system-assigned managed identity for the virtual machine using the update method of the VirtualMachinesOperations class:
```
vm.identity = {"type": "SystemAssigned"}
compute_client.virtual_machines.update(resource_group_name, vm_name, vm)
```
Save the changes and exit the script.

The above steps will enable the system-assigned managed identity for the specified virtual machine in Azure.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Enable System-Assigned Managed Identities

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation