cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Providing Students access to centrally provided Azure Resources when they do not have Azure Subscription credentials

By
Lee Stott
Published Mar 21 2019 02:24 PM 190 Views
Lee Stott
Microsoft
‎Mar 21 2019 02:24 PM

Providing Students access to centrally provided Azure Resources when they do not have Azure Subscription credential...

‎Mar 21 2019 02:24 PM
First published on MSDN on Dec 18, 2018

Using Azure Managed Service Identity (MSI) to provide students access to Azure Resources

To learn how to use managed identities to access different Azure resources, try these tutorials.

Learn how to use a managed identity with a Windows VM:

Learn how to use a managed identity with a Linux VM:

Learn how to use a managed identity with other Azure services:

Using MSI for providing student access to Azure ML Workspace from a dedicated Data Science Virtual Machines

Typically courses provide a fixed pool of resources for students to utilise.

Pooled Resources

Many academics are providing Azure Data Science VM (DSVM) for the class.

Using Managed Services Identity

When you create the VM with a MSI and give it permission to the resource group where you have the Azure ML Workspace. In this scenario any local user on the DSVM (students in the lab) can access the Azure ML Workspace without having a dedicated Azure subscription credentials.

The Students simply need to authenticate to the Virtual Machine (using local auth/AD/Shibboleth).

Below is the sample code to do add Managed Service Identity to create or attach to a Azure ML Workspace with the change from usual highlighted.



Please note, MSI is a general Azure feature and not specific to DSVM as can be seen in the examples above so you can use MSI to provide students access to centrally provided resources..

Ref: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/over...

0 Likes
Like
%3CLINGO-SUB%20id%3D%22lingo-sub-381440%22%20slang%3D%22en-US%22%3EProviding%20Students%20access%20to%20centrally%20provided%20Azure%20Resources%20when%20they%20do%20not%20have%20Azure%20Subscription%20credentials%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-381440%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3E%20First%20published%20on%20MSDN%20on%20Dec%2018%2C%202018%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%3CP%3EUsing%20Azure%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Managed%20Service%20Identity%20%3C%2FA%3E%20(MSI)%20to%20provide%20students%20access%20to%20Azure%20Resources%3C%2FP%3E%0A%20%20%3CH2%20id%3D%22toc-hId-1709380582%22%20id%3D%22toc-hId-1737921384%22%3ETo%20learn%20how%20to%20use%20managed%20identities%20to%20access%20different%20Azure%20resources%2C%20try%20these%20tutorials.%3C%2FH2%3E%0A%20%20%3CP%3ELearn%20how%20to%20use%20a%20managed%20identity%20with%20a%20Windows%20VM%3A%3C%2FP%3E%0A%20%20%3CUL%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Ftutorial-windows-vm-access-datalake%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Access%20Azure%20Data%20Lake%20Store%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Ftutorial-windows-vm-access-arm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Access%20Azure%20Resource%20Manager%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Ftutorial-windows-vm-access-sql%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Access%20Azure%20SQL%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Ftutorial-windows-vm-access-storage%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Access%20Azure%20Storage%20by%20using%20an%20access%20key%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Ftutorial-windows-vm-access-storage-sas%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Access%20Azure%20Storage%20by%20using%20shared%20access%20signatures%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Ftutorial-windows-vm-access-nonaad%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Access%20a%20non-Azure%20AD%20resource%20with%20Azure%20Key%20Vault%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%3C%2FUL%3E%0A%20%20%3CP%3ELearn%20how%20to%20use%20a%20managed%20identity%20with%20a%20Linux%20VM%3A%3C%2FP%3E%0A%20%20%3CUL%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Ftutorial-linux-vm-access-datalake%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Access%20Azure%20Data%20Lake%20Store%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Ftutorial-linux-vm-access-arm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Access%20Azure%20Resource%20Manager%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Ftutorial-linux-vm-access-storage%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Access%20Azure%20Storage%20by%20using%20an%20access%20key%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Ftutorial-linux-vm-access-storage-sas%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Access%20Azure%20Storage%20by%20using%20shared%20access%20signatures%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Ftutorial-linux-vm-access-nonaad%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Access%20a%20non-Azure%20AD%20resource%20with%20Azure%20Key%20Vault%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%3C%2FUL%3E%0A%20%20%3CP%3ELearn%20how%20to%20use%20a%20managed%20identity%20with%20other%20Azure%20services%3A%3C%2FP%3E%0A%20%20%3CUL%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fapp-service-managed-service-identity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Azure%20App%20Service%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fapp-service-managed-service-identity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Azure%20Functions%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Flogic-apps%2Fcreate-managed-service-identity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Azure%20Logic%20Apps%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fservice-bus-messaging%2Fservice-bus-managed-service-identity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Azure%20Service%20Bus%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fevent-hubs%2Fevent-hubs-managed-service-identity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Azure%20Event%20Hubs%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapi-management%2Fapi-management-howto-use-managed-service-identity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Azure%20API%20Management%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fcontainer-instances%2Fcontainer-instances-managed-identity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Azure%20Container%20Instances%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%3C%2FUL%3E%0A%20%20%3CP%3EUsing%20MSI%20for%20providing%20student%20access%20to%20Azure%20ML%20Workspace%20from%20a%20dedicated%20Data%20Science%20Virtual%20Machines%3C%2FP%3E%0A%20%20%3CP%3ETypically%20courses%20provide%20a%20fixed%20pool%20of%20resources%20for%20students%20to%20utilise.%3C%2FP%3E%0A%20%20%3CH2%20id%3D%22toc-hId--842776379%22%20id%3D%22toc-hId--814235577%22%3EPooled%20Resources%3C%2FH2%3E%0A%20%20%3CP%3EMany%20academics%20are%20providing%20Azure%20Data%20Science%20VM%20(DSVM)%20for%20the%20class.%3C%2FP%3E%0A%20%20%3CP%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F96612iC56B7E31AE77086E%22%20%2F%3E%3C%2FP%3E%0A%20%20%3CH2%20id%3D%22toc-hId-900033956%22%20id%3D%22toc-hId-928574758%22%3EUsing%20Managed%20Services%20Identity%3C%2FH2%3E%0A%20%20%3CP%3EWhen%20you%20create%20the%20VM%20with%20a%20MSI%20and%20give%20it%20permission%20to%20the%20resource%20group%20where%20you%20have%20the%20Azure%20ML%20Workspace.%20In%20this%20scenario%20any%20local%20user%20on%20the%20DSVM%20(students%20in%20the%20lab)%20can%20access%20the%20Azure%20ML%20Workspace%20without%20having%20a%20dedicated%20Azure%20subscription%20credentials.%3C%2FP%3E%0A%20%20%3CP%3EThe%20Students%20simply%20need%20to%20authenticate%20to%20the%20Virtual%20Machine%20(using%20local%20auth%2FAD%2FShibboleth).%3C%2FP%3E%0A%20%20%3CP%3EBelow%20is%20the%20sample%20code%20to%20do%20add%20Managed%20Service%20Identity%20to%20create%20or%20attach%20to%20a%20Azure%20ML%20Workspace%20with%20the%20change%20from%20usual%20highlighted.%3C%2FP%3E%0A%20%20%3CP%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F96613i6AFB3942BAFBAEDB%22%20%2F%3E%3C%2FP%3E%0A%20%20%3CP%3E%3CBR%20%2F%3E%3C%2FP%3E%3CBR%20%2F%3E%20Please%20note%2C%20MSI%20is%20a%20general%20Azure%20feature%20and%20not%20specific%20to%20DSVM%20as%20can%20be%20seen%20in%20the%20examples%20above%20so%20you%20can%20use%20MSI%20to%20provide%20students%20access%20to%20centrally%20provided%20resources..%3CP%3ERef%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Foverview%3C%2FA%3E%3C%2FP%3E%0A%20%0A%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-381440%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20MSDN%20on%20Dec%2018%2C%202018%20Using%20Azure%20Managed%20Service%20Identity%20(MSI)%20to%20provide%20students%20access%20to%20Azure%20ResourcesTo%20learn%20how%20to%20use%20managed%20identities%20to%20access%20different%20Azure%20resources%2C%20try%20these%20tutorials.%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-381440%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eacademic%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ecloud%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ecloud%20computing%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Efaculty%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Elearning%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emanaged%20service%20identity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Mar 21 2019 02:24 PM
Updated by:
Labels