Active Directory (AD)
2 Topics

Migrate on-prem AD to Azure AD having ADDS
I have to move legacy apps from on-prem to Azure. What I read is that using ADDS for legacy app authentication is the only option, since some of my legacy apps are using SSO and some have service accounts in the on-prem AD. The goals are below:

Migrate on-prem Active Directory to Azure Active Directory and have Azure Active Directory Domain Services.
Migrate local group policies to Azure Active Directory Domain Services.
Migrate all service accounts from Azure managed identities so those can be used on legacy applications.
Migrate all user profiles seamlessly.
Completely demote on-prem Active Directory.

The environment has 956 users and 20+ applications. We currently have on-prem AD and Azure AD, and users are hybrid joined. Please guide me through the process and best practice for the above scenario.

OAuth2 token from Instance Metadata Service (IMDS): Can I fetch using client_credentials POST?
I can call the IMDS and receive a token for my VM's System-assigned or User-assigned Managed Identities, per https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-curl

curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F' -H Metadata:true -s

But what if I want to fetch this token using an OAuth2 RFC6749 Client Credentials Request (4.4.2) by sending a POST with grant_type=client_credentials? I have an application that wants to retrieve tokens in this way. Is that possible? I can only find GET requests to the IMDS for these oauth2/token endpoints documented.

3.4K Views, 0 likes, 0 Comments