QUESTION 96

You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1. VM1 runs services that will be used to deploy resources to RG1. You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do first? A. From the Azure portal, modify the Access control (IAM) settings of RG1. B. From the Azure portal, modify the Policies settings of RG1. C. From the Azure portal, modify the Access control (IAM) settings of VM1. D. From the Azure portal, modify the value of the Managed Service Identity option for VM1. Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation:
The managed identities for Azure resources feature in Azure Active Directory (Azure AD) solves this problem. The feature provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code. References: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure- resources/overview