Manage VMs using Azure AD-based authentication & authorization and region-specific Azure subscriptions
This article provides information about how to manage the Azure Resource Manager-based and region-specific Azure subscriptions using System Center - Virtual Machine Manager (VMM).
You can add Microsoft Azure subscriptions to System Center 2016 - Virtual Machine Manager (VMM) and later, and perform required actions. The VMM Azure plugin allows management of Azure subscriptions through certificate-based authentication and authorization, and of VMs in the public Azure region.
VMM 1801 and later supports management of Azure subscriptions through Azure Active Directory (Azure AD) and of region-specific Azure subscriptions (namely, the Germany, China, and US Government Azure regions).
Management of Azure subscriptions through certificate-based authentication and authorization requires a management certificate.
Management of VMs using Azure AD-based authentication and authorization requires an Azure AD application.
Before you start
Ensure the following prerequisites:
Azure AD application - to manage VMs by using VMM through Azure AD authentication and authorization, you need to create an Azure AD application, and then provide the following details through the VMM Azure plugin:
- Azure Subscription ID
- Azure Active Directory ID
- Azure Active Directory - Application ID & Application Key
Learn more on how to create an Azure AD App.
A management certificate - with the configuration as described in this article.
- The subscription must have a management certificate associated with it so that VMM can use the service management API in Azure.
- Make note of the subscription ID and the certificate thumbprint.
- Certificates must be x509 v3 compliant.
- The management certificate must be located in the local certificate store on the computer on which you add the Azure subscription feature.
- The certificate should also be located in the Current User\Personal store of the computer running the VMM console.
- The certificate is required only if you choose to use certificate-based authentication to manage your Azure subscription.
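The certificate prerequisites above can be checked on the VMM console computer before you add the subscription. The following PowerShell is an added example, not part of the original article or of VMM; the function name `Test-ManagementCertificate` is hypothetical, the default thumbprint is a constructed placeholder, and the private-key check reflects the general requirement that a client certificate can only authenticate when its private key is present.

```powershell
# Added example: pre-flight check of the management certificate prerequisites.
# Replace the placeholder thumbprint with the one you noted for your subscription.
param(
    [string]$Thumbprint = '0000000000000000000000000000000000000000'  # constructed placeholder
)

function Test-ManagementCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        # Cert:\CurrentUser\My is the "Current User\Personal" store named in the prerequisites.
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    # Thumbprints copied from the certificate dialog often carry spaces or
    # invisible characters, so keep only the hex digits before comparing.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1
    $now = Get-Date

    [pscustomobject]@{
        Store         = $StorePath
        Thumbprint    = $clean
        Found         = [bool]$cert
        # X509Certificate2.Version is 3 for an X.509 v3 certificate.
        IsX509v3      = [bool]($cert -and ($cert.Version -eq 3))
        # Without the private key the console cannot authenticate with this certificate.
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        InValidity    = [bool]($cert -and ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now))
        NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
    }
}

$result = Test-ManagementCertificate -Thumbprint $Thumbprint
$result | Format-List

if (-not ($result.Found -and $result.IsX509v3 -and $result.HasPrivateKey -and $result.InValidity)) {
    Write-Warning "Management certificate prerequisites are not met in $($result.Store)."
}
```

Pass a different `-StorePath` to run the same check against another certificate store on the computer.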
Procedure - manage Azure AD-based authentication & authorization and region-specific Azure subscriptions
Use the following steps:
1. Browse to Azure subscription and click Add Subscription.
2. Provide Display Name, Azure cloud, and Subscription ID.
   You can provide any friendly name as the display name. Choose either public Azure or a region-specific subscription as appropriate.
3. Select Management using Azure AD authentication (to use certificate-based management, go to step 5).
4. Provide Directory ID, Application ID and Key, and then click Finish (after this step, go directly to step 6).
5. To use a management certificate, select Management using management certificate (not required if you already performed steps 3 and 4).
   If you want to continue using certificate-based authentication, then instead of selecting Azure AD authentication, choose management certificate-based authentication, provide the management certificate from the "Current User\Personal" certificate store, and then click Finish.
6. Verify the Azure subscription and the VMs hosted on Azure.