More Info:
Ensure that your Microsoft Azure virtual machines (VMs) have system-assigned managed identities enabled in order to allow secure virtual machine access to Azure resources such as key vaults and storage accounts.
Risk Level
Medium
Address
Security
Compliance Standards
CBP
Triage and Remediation
Remediation
Using Console
To remediate this misconfiguration by enabling System-Assigned Managed Identities using the Azure console, follow these steps:
- Log in to the Azure portal (https://portal.azure.com/).
- Navigate to the resource group that contains the misconfigured resource.
- Select the resource that needs to have the System-Assigned Managed Identity enabled.
- In the left-hand menu, under the Settings section, select Identity.
- In the Identity blade, set the System Assigned Managed Identity toggle to On.
- Click Save to save the changes.
Using CLI
To remediate the misconfiguration of not having System-Assigned Managed Identities enabled in Azure using Azure CLI, you can follow these steps:
- Open Azure CLI and log in to your Azure account using the command:
- Once you are logged in, set the subscription to the one that contains the resource group where the misconfiguration needs to be remediated using the command:
- Identify the resource group where the misconfiguration needs to be remediated using the command:
- Once you have identified the resource group, enable System-Assigned Managed Identities for the resource group using the command:
  Replace <resource_group_name> with the name of the resource group where the misconfiguration needs to be remediated and <managed_identity_name> with the name you want to give to the managed identity.
- Once the managed identity is created, assign the managed identity to the Azure resource that needs to access Azure services using the command:
  Replace <resource_id> with the ID of the Azure resource that needs to access Azure services.
- Verify that the System-Assigned Managed Identity has been enabled by running the command:
  This command should return the identity details of the Azure resource, including the System-Assigned Managed Identity.
Using Python
To remediate the misconfiguration “Enable System-Assigned Managed Identities” in Azure using Python, you can follow the below steps:
- Install the Azure SDK for Python using the following command:
- Import the required modules in your Python script:
- Set the credentials for authentication using the DefaultAzureCredential class:
- Create an instance of the ComputeManagementClient class using the credentials and the Azure subscription ID:
- Get the details of the virtual machine that needs to be remediated using the get method of the VirtualMachinesOperations class:
- Enable the system-assigned managed identity for the virtual machine using the update method of the VirtualMachinesOperations class:
- Save the changes and exit the script.
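The Python steps above as one script. This is an added example, not code from the original page. It assumes the azure-identity and azure-mgmt-compute packages are installed, and the function names merged_identity_type and enable_system_identity are hypothetical. It goes slightly beyond the steps by keeping any user-assigned identities already attached to the VM, which an update that sets the type to SystemAssigned alone would remove.

```python
# Added example. Assumes: pip install azure-identity azure-mgmt-compute
import sys
from typing import Optional


def merged_identity_type(current: Optional[str]) -> str:
    """Identity type to send so SystemAssigned is added without
    dropping user-assigned identities already on the VM."""
    parts = {p.strip() for p in (current or "").split(",") if p.strip()}
    parts.discard("None")  # "None" is the API's value for "no identity"
    # The API spells the combined value exactly this way.
    if "UserAssigned" in parts:
        return "SystemAssigned, UserAssigned"
    return "SystemAssigned"


def enable_system_identity(subscription_id: str, resource_group: str, vm_name: str):
    # SDK imports are local so the helper above works without the SDK.
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.compute import ComputeManagementClient
    from azure.mgmt.compute.models import (
        VirtualMachineIdentity,
        VirtualMachineUpdate,
    )

    client = ComputeManagementClient(DefaultAzureCredential(), subscription_id)
    vm = client.virtual_machines.get(resource_group, vm_name)

    current = getattr(vm.identity, "type", None)   # vm.identity may be None
    current = getattr(current, "value", current)   # enum or plain string
    if current and "SystemAssigned" in current:
        return vm.identity                         # already compliant

    identity = VirtualMachineIdentity(
        type=merged_identity_type(current),
        # Pass existing user-assigned identities through unchanged.
        user_assigned_identities=getattr(vm.identity, "user_assigned_identities", None),
    )
    poller = client.virtual_machines.begin_update(
        resource_group, vm_name, VirtualMachineUpdate(identity=identity)
    )
    return poller.result().identity                # wait for the update to finish


if __name__ == "__main__":
    # Usage: python script.py <subscription_id> <resource_group> <vm_name>
    print(enable_system_identity(*sys.argv[1:4]))
```

The returned identity carries the principal ID of the new system-assigned identity, which still needs a role assignment on the key vault or storage account before the VM can use it.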