Manage VMs using Azure AD-based authentication & authorization and region-specific Azure subscriptions

This article provides information about how to manage the ARM-based and region-specific Azure subscriptions using System Center 1801 - Virtual Machine Manager (VMM).

You can add Microsoft Azure subscriptions to System Center 2016 - Virtual Machine Manager (VMM) and later, and perform required actions on them. Currently, the VMM Azure plugin allows management of Azure subscriptions through certificate-based authentication and authorization, and of VMs in the public Azure region.

VMM 1801 supports management of Azure subscriptions through Azure Active Directory (Azure AD) and of region-specific Azure subscriptions (namely, the Germany, China, and US Government Azure regions).

Management of Azure subscriptions through certificate-based authentication and authorization requires a management certificate.

Management of VMs using Azure AD-based authentication and authorization requires an Azure AD application.

Before you start

Ensure the following prerequisites:

  • Azure AD application - to manage VMs by using VMM through Azure AD authentication and authorization, you need to create an Azure AD application, and then provide the following details through the VMM Azure plugin:

    • Azure Subscription ID
    • Azure Active Directory ID
    • Azure Active Directory - Application ID & Application Key

    Learn more on how to create an Azure AD App.

  • A management certificate - with the configuration as described in this article.

    • The subscription must have a management certificate associated with it so that VMM can use the service management API in Azure.
    • Make note of the subscription ID and the certificate thumbprint.
    • Certificates must be X.509 v3 compliant.
    • The management certificate must be located in the local certificate store on the computer on which you add the Azure subscription feature.
    • The certificate should also be located in the Current User\Personal store of the computer running the VMM console.

      Note

      The certificate is required only if you choose to use certificate-based authentication to manage your Azure subscription.
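
The management-certificate prerequisites above can be checked on the VMM console computer before you add the subscription. The following PowerShell is an added example, not part of the original article or of VMM; the function name Test-ManagementCertificate is hypothetical, and the private-key check is an assumption the article does not state.

```powershell
# Added example. Test-ManagementCertificate is a hypothetical helper name.
function Test-ManagementCertificate {
    param(
        [Parameter(Mandatory)]
        [string]$Thumbprint   # the thumbprint you noted for the subscription
    )

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character; keep only the hex digits.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # "Current User\Personal" is exposed by the certificate provider as CurrentUser\My.
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1

    if (-not $cert) {
        Write-Warning "No certificate with thumbprint $clean in Current User\Personal."
        return $false
    }

    $now = Get-Date
    $checks = [ordered]@{
        'X.509 version 3'        = ($cert.Version -eq 3)
        'Within validity period' = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
        # Assumption: certificate-based authentication needs the private key locally.
        'Private key present'    = $cert.HasPrivateKey
    }

    Write-Host "Subject: $($cert.Subject)"
    foreach ($name in $checks.Keys) {
        $status = if ($checks[$name]) { 'OK' } else { 'FAIL' }
        Write-Host ('{0,-24} {1}' -f $name, $status)
    }

    # True only when every check passed.
    return -not ($checks.Values -contains $false)
}

# Usage: Test-ManagementCertificate -Thumbprint '<thumbprint you noted>'
```

Run it as the same user account that opens the VMM console, because the Current User\Personal store is per user.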

Procedure - manage Azure AD-based authentication & authorization and region-specific Azure subscriptions

Use the following steps:

  1. Browse to Azure subscription and click Add Subscription.

  2. Provide Display Name, Azure cloud and Subscription ID.

    You can provide any friendly name as display name. Choose either public Azure or region-specific subscription as appropriate.


  3. Select Management using Azure AD authentication (to use certificate-based management, go to step 5).


  4. Provide Directory ID, Application ID and Key, and then click Finish (after this step, go directly to step 6).

  5. To use a management certificate, select Management using management certificate (not required if you already performed steps 3 and 4).

    If you want to continue using certificate-based authentication, choose management certificate-based authentication instead of Azure AD authentication, provide the management certificate from the “Current User\Personal” certificate store, and then click Finish.


  6. Verify the Azure subscription and the VMs hosted on Azure.
