NigelMorse-1617 asked · JamesTran-MSFT answered

Control who logs into VMs via Azure AD Domain Services

Looking at setting up Azure AD Domain Services for several VMs in Azure (including 2 SQL Servers in a cluster for Availability Groups). If we do that, how can we control which people from the AAD can log into the machines - is that just done by making an AAD group "Azure VM Access" or similar and then making that group either able to RDP in and/or making them local machine Admins?

azure-ad-domain-services azure-rbac

1 Answer

JamesTran-MSFT answered

@NigelMorse-1617
Thank you for your post and I apologize for the delayed response!

When it comes to controlling who from your Azure AD tenant can connect to your VMs, you can definitely try leveraging Azure role-based access control (Azure RBAC). RBAC helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. For more info.

Compute-specific built-in roles:
[Image: 83003-image.png]

Additional link - Sign in to Windows virtual machine in Azure using Azure Active Directory authentication (Preview)


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
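
An added example, not part of the original answer or any Microsoft code: a Python check over role-assignment records that reports VM login roles granted outside one approved group or at a scope above a resource group. It assumes the Azure AD sign-in described in the linked article, where the built-in roles Virtual Machine Administrator Login and Virtual Machine User Login gate access; the group name comes from the question, and the subscription ID and sample records are constructed.

```python
# Built-in Azure roles that permit Azure AD sign-in to a VM.
LOGIN_ROLES = {"Virtual Machine Administrator Login", "Virtual Machine User Login"}
APPROVED_GROUPS = {"Azure VM Access"}  # assumption: the group name from the question
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed placeholder

# Constructed sample shaped like `az role assignment list --all -o json` output.
SAMPLE = [
    {"principalName": "Azure VM Access", "principalType": "Group",
     "roleDefinitionName": "Virtual Machine User Login",
     "scope": SUB + "/resourceGroups/rg-sql/providers/Microsoft.Compute/virtualMachines/sql-vm-01"},
    {"principalName": "contractor@example.com", "principalType": "User",
     "roleDefinitionName": "Virtual Machine Administrator Login",
     "scope": SUB + "/resourceGroups/rg-sql"},
    {"principalName": "All Staff", "principalType": "Group",
     "roleDefinitionName": "Virtual Machine User Login", "scope": SUB},
    {"principalName": "Azure VM Access", "principalType": "Group",
     "roleDefinitionName": "Reader", "scope": SUB},
]

def is_broad(scope):
    """True when the scope sits above any resource group (subscription, management group, root)."""
    return "/resourcegroups/" not in (scope.lower() + "/")

def audit(assignments, approved_groups=APPROVED_GROUPS):
    """Return (principal, role, reasons) for VM login assignments that bypass the approved group."""
    findings = []
    for a in assignments:
        role = a.get("roleDefinitionName")
        if role not in LOGIN_ROLES:
            continue  # not one of the built-in VM login roles
        who = a.get("principalName") or a.get("principalId")
        reasons = []
        if a.get("principalType") != "Group":
            reasons.append("direct assignment")   # granted to a user or service principal
        elif who not in approved_groups:
            reasons.append("unapproved group")
        if is_broad(a.get("scope", "")):
            reasons.append("broad scope")         # inherited by every VM beneath this scope
        if reasons:
            findings.append((who, role, tuple(reasons)))
    return findings

if __name__ == "__main__":
    for who, role, reasons in audit(SAMPLE):
        print(f"{who}: {role} ({', '.join(reasons)})")
```

To run it against a real tenant, replace `SAMPLE` with the parsed JSON from `az role assignment list --all -o json`.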

