Representatives from Microsoft have announced a new Azure AD capability that might hold the key to fixing a Linux security problem that has plagued those who use the platform to run virtual machines. While Azure infrastructure has offered support for GNU/Linux-based VMs for several years, technicians have usually had to create local administrator accounts to access them.
These accounts can outlast their usefulness whenever there’s a major shakeup in the personnel roster of an organization’s IT department. This makes them a potential security risk, as they can become compromised when employees are reassigned or leave.
Microsoft’s engineering teams have offered an answer to this problem by giving administrators the ability to log into a VM running Linux using Azure Active Directory (AD) credentials instead of a local account. While the technology isn’t quite ready for prime time just yet, the Microsoft Identity Division announced several interesting features that the preview should bring to the table even if they won’t find their way into production environments for some time.
Administrators should be able to log into Azure Linux VMs using the same account they use to sign into the Azure portal itself, as long as they’re running a compatible distribution inside of the virtual machine. The preview is being offered for all global Azure regions, which suggests that Microsoft is planning on eventually offering an official release worldwide.
RHEL 7, CentOS 6.9 and CentOS 7.4 are all supported, as well as three different versions of Ubuntu. This should represent a fairly sizable segment of Linux-based VMs currently in service on the Azure platform. Since Microsoft’s official documentation refers to these as distributions that are currently supported, it doesn’t seem far-fetched to believe that they have plans to include support for more platforms in the near future.
Other features announced for the preview include the ability to revoke VM access by disabling an Azure AD account as well as requiring two-step verification to log into a VM. Organizations using Azure AD Premium will also have the option of using Azure’s Privileged Identity Management system to set time-bound access to VMs they have running GNU/Linux.