There are many benefits of using Azure AD authentication to log in to Linux VMs in Azure, including:
You can use your corporate AD credentials to log in to Azure Linux VMs. There is no need to create local administrator accounts and manage credential lifetime.
By reducing your reliance on local administrator accounts, you no longer need to worry about credential loss or theft, users configuring weak credentials, and similar problems.
The password complexity and password lifetime policies configured for your Azure AD directory help secure Linux VMs as well.
To further secure login to Azure virtual machines, you can configure multi-factor authentication.
The ability to log in to Linux VMs with Azure Active Directory also works for customers that use Federation Services.
Seamless collaboration: With Role-Based Access Control (RBAC), you can specify who can sign in to a given VM as a regular user or with administrator privileges. When users join or leave your team, you can update the RBAC policy for the VM to grant access as appropriate. This experience is much simpler than having to scrub VMs to remove unnecessary SSH public keys. When employees leave your organization and their user account is disabled or removed from Azure AD, they no longer have access to your resources.
Azure AD login for Linux VMs lets you use your institutional Azure AD accounts for SSH logins to your Azure VMs, so the security features of Azure AD, including RBAC, also apply to the SSH login process on your Linux servers.
All you need to do is enable the AADLoginForLinux VM extension on your Azure VM and grant access to a user account with an RBAC role assignment.
You can enable Azure AD login with the following Azure CLI command:
Install the AD Login Extension
az vm extension set \
    --publisher Microsoft.Azure.ActiveDirectory.LinuxSSH \
    --name AADLoginForLinux \
    --resource-group myResourceGroup \
    --vm-name myVM
SSH command for users connecting to the virtual machine
Users are prompted to open the web page https://microsoft.com/devicelogin, enter the code shown in their SSH session, and then authenticate with their Azure AD credentials.
Users then close the browser window, return to the SSH prompt, and press Enter.
They are now signed in to the Azure Linux virtual machine with the permissions of their assigned role, such as VM User or VM Administrator. If the user account is assigned the Virtual Machine Administrator Login role, they can use sudo to run commands that require root privileges.
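The whole flow above (install the extension, grant a login role, sign in over SSH) as an added shell example; this is not code from the original page. The resource group, VM name, UPN and host are placeholders supplied by the caller, and the VM-scoped role assignment and the audit listing go beyond what the page shows.

```shell
#!/usr/bin/env sh
# Added example (not from the page): enable Azure AD login on one Linux VM, grant
# a login role scoped to that VM only, audit who can log in, then SSH in by UPN.
# Resource group, VM name, UPN and host are caller-supplied placeholders.
set -e

# Map the two access levels the page describes to their Azure RBAC role names.
login_role_name() {
  case "$1" in
    user)  echo "Virtual Machine User Login" ;;
    admin) echo "Virtual Machine Administrator Login" ;;
    *) echo "unknown access level: $1" >&2; return 1 ;;
  esac
}
# The SSH login name is the Azure AD UPN, so the target is upn@host.
aad_ssh_target() {
  case "$1" in
    *@*) printf '%s@%s\n' "$1" "$2" ;;
    *) echo "expected a UPN such as alice@contoso.com, got: $1" >&2; return 1 ;;
  esac
}
# Install the extension (the page's command) and report its provisioning state.
enable_aad_login() {   # args: resource-group vm-name
  az vm extension set --publisher Microsoft.Azure.ActiveDirectory.LinuxSSH \
    --name AADLoginForLinux --resource-group "$1" --vm-name "$2" >/dev/null
  az vm extension show --resource-group "$1" --vm-name "$2" \
    --name AADLoginForLinux --query provisioningState -o tsv
}
# Scope the role to this VM's resource id, not the resource group or the
# subscription, so the grant does not silently cover other machines.
grant_login() {        # args: resource-group vm-name upn user|admin
  role=$(login_role_name "$4")
  vm_id=$(az vm show --resource-group "$1" --name "$2" --query id -o tsv)
  az role assignment create --assignee "$3" --role "$role" \
    --scope "$vm_id" --query roleDefinitionName -o tsv
}
# Review check: every principal holding a VM login role, including inherited grants.
list_login_principals() {  # args: resource-group vm-name
  vm_id=$(az vm show --resource-group "$1" --name "$2" --query id -o tsv)
  az role assignment list --scope "$vm_id" --include-inherited \
    --query "[?contains(roleDefinitionName,'Login')].[principalName,roleDefinitionName]" -o tsv
}
# Usage: ./aad-login.sh myResourceGroup myVM alice@contoso.com admin 203.0.113.10
if [ "$#" -eq 5 ]; then
  enable_aad_login "$1" "$2"
  grant_login "$1" "$2" "$3" "$4"
  list_login_principals "$1" "$2"
  ssh "$(aad_ssh_target "$3" "$5")"
fi
```

Run it with an account that already holds an Owner or User Access Administrator role on the VM; the device-login prompt described above then appears in the SSH session.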