Everything works except one thing: if I do ssh from a different client (they require CLI for AAD login), I can still log in to the Linux servers with a local account. The document above says: "Use Azure deploy and audit policies to require Azure AD login for Linux VMs and flag non-approved local accounts" but I am totally getting the runaround about how to REQUIRE logins be only through AAD credentials. I've had a support ticket open for 6 weeks and have gone through 4 different support groups with no success.
I need this for SOC2 compliance, and given that Azure shows documents that their Azure services are SOC2 compliant, I can't imagine this is not achievable. Does anyone know how to force Linux servers to only permit AAD credentials for login?