Azure ARM Template for VM Creation with AAD Sign-in

Microsoft recently released a public preview of a new Azure capability that lets you sign in to a Windows virtual machine with an Azure AD account. Previously you needed several extra steps to join the virtual machine to a managed Azure AD Domain Services (Azure AD DS) domain. Now you can create a virtual machine with AAD sign-in enabled from the start.

This article gives a short overview of the capability and provides an ARM template that creates a virtual machine you can log in to with Azure AD.

TL;DR: You can skip this article and use the template from here: https://github.com/azsec/scaf-azure-arm-templates/tree/master/VirtualMachine/vm-with-aad

The official documentation covers the capability in much more detail (prerequisites, role assignments, Conditional Access). Do not miss it: https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

Extension schema

The extension is named AADLoginForWindows and is published by Microsoft.Azure.ActiveDirectory. Below is the extension schema you can include in your ARM template for virtual machine creation. Note that the extension requires a system-assigned managed identity on the virtual machine, so the VM resource needs an identity block as well.
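As an added example (not part of the original post or the linked template), the following PowerShell builds the AADLoginForWindows extension resource as an object and splices it into an existing ARM template together with the system-assigned identity the extension needs. The template path, the parameter names vmName and location, the apiVersion and the typeHandlerVersion are assumptions; confirm the version available in your region with Get-AzVMExtensionImage before deploying.

```powershell
# Added example, not the original post's code. Builds the AADLoginForWindows
# extension resource and merges it into an existing ARM template.
# Assumptions: the template declares parameters 'vmName' and 'location', and
# contains exactly one Microsoft.Compute/virtualMachines resource.

function New-AadLoginExtensionResource {
    param(
        # ARM expression that yields the VM name (assumed parameter name).
        [string]$VmNameExpression = "parameters('vmName')",
        # Assumed version; check Get-AzVMExtensionImage for what is published.
        [string]$TypeHandlerVersion = '1.0'
    )
    [ordered]@{
        type       = 'Microsoft.Compute/virtualMachines/extensions'
        apiVersion = '2019-03-01'
        name       = "[concat($VmNameExpression, '/AADLoginForWindows')]"
        location   = "[parameters('location')]"
        dependsOn  = @("[resourceId('Microsoft.Compute/virtualMachines', $VmNameExpression)]")
        properties = [ordered]@{
            publisher               = 'Microsoft.Azure.ActiveDirectory'
            type                    = 'AADLoginForWindows'
            typeHandlerVersion      = $TypeHandlerVersion
            autoUpgradeMinorVersion = $true
        }
    }
}

function Add-AadLoginToTemplate {
    param(
        [Parameter(Mandatory)][string]$TemplatePath,
        [string]$OutputPath = $TemplatePath
    )
    $template = Get-Content -Raw -Path $TemplatePath | ConvertFrom-Json

    $vm = $template.resources |
        Where-Object { $_.type -eq 'Microsoft.Compute/virtualMachines' } |
        Select-Object -First 1
    if (-not $vm) {
        throw "No Microsoft.Compute/virtualMachines resource found in $TemplatePath"
    }

    # The extension registers the VM with Azure AD through the VM's managed
    # identity, so a system-assigned identity is mandatory.
    $vm | Add-Member -NotePropertyName identity `
                     -NotePropertyValue ([ordered]@{ type = 'SystemAssigned' }) -Force

    # Keep the function idempotent: do not append the extension twice.
    $existing = $template.resources | Where-Object { $_.name -like '*AADLoginForWindows*' }
    if (-not $existing) {
        $template.resources += New-AadLoginExtensionResource
    }

    # ConvertTo-Json stops at depth 2 by default and would silently flatten
    # nested properties; use a generous depth for ARM templates.
    $template | ConvertTo-Json -Depth 30 | Set-Content -Path $OutputPath -Encoding UTF8
}

# Usage (assumed file name):
# Add-AadLoginToTemplate -TemplatePath .\azuredeploy.json
# New-AzResourceGroupDeployment -ResourceGroupName rg-aad-vm -TemplateFile .\azuredeploy.json
```

Running New-AadLoginExtensionResource | ConvertTo-Json -Depth 5 on its own prints the bare extension resource, which is the fragment to paste into a hand-written template if you prefer not to script the merge.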

Once the deployment is completed, open the virtual machine's Extensions blade in the portal to verify that AADLoginForWindows shows as provisioned successfully, and then Azure AD > Devices to check that the virtual machine is registered.

Post-Deployment

You can also enable AAD login after the virtual machine has been created. If you prefer PowerShell, the quick-and-dirty snippet below does it:
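As an added example (not the original post's snippet), this Az PowerShell script enables AAD login on an existing virtual machine end to end: it turns on the system-assigned identity the extension needs, picks the latest published extension version, installs the extension, verifies the provisioning state, and grants a user the login role scoped to that single VM. The resource group, VM name and user principal name are assumptions.

```powershell
# Added example, not the original post's code. Enables Azure AD sign-in on an
# existing Windows VM with the Az module. Names below are assumptions.
$rg     = 'rg-aad-vm'
$vmName = 'vm-aad01'
$user   = 'alice@contoso.com'   # assumed UPN of the person who should log in

$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName

# 1. The extension needs a system-assigned managed identity on the VM.
if (-not $vm.Identity -or $vm.Identity.Type -notmatch 'SystemAssigned') {
    Update-AzVM -ResourceGroupName $rg -VM $vm -IdentityType SystemAssigned | Out-Null
    $vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
}

# 2. Discover the latest published version instead of hard-coding one.
$latest = Get-AzVMExtensionImage -Location $vm.Location `
            -PublisherName 'Microsoft.Azure.ActiveDirectory' -Type 'AADLoginForWindows' |
          Sort-Object { [version]$_.Version } | Select-Object -Last 1
# Set-AzVMExtension wants "major.minor", e.g. "1.0", not the full build number.
$handlerVersion = ($latest.Version -split '\.')[0..1] -join '.'

# 3. Install the extension.
Set-AzVMExtension -ResourceGroupName $rg -VMName $vmName -Name 'AADLoginForWindows' `
    -Publisher 'Microsoft.Azure.ActiveDirectory' -ExtensionType 'AADLoginForWindows' `
    -TypeHandlerVersion $handlerVersion -Location $vm.Location | Out-Null

# 4. Verify: anything other than Succeeded means sign-in will not work.
$ext = Get-AzVMExtension -ResourceGroupName $rg -VMName $vmName -Name 'AADLoginForWindows'
if ($ext.ProvisioningState -ne 'Succeeded') {
    throw "AADLoginForWindows provisioning state is $($ext.ProvisioningState)"
}

# 5. The extension alone authenticates nobody. A user also needs the
#    'Virtual Machine Administrator Login' or 'Virtual Machine User Login'
#    RBAC role. Scope it to the VM, not the subscription (least privilege).
New-AzRoleAssignment -SignInName $user `
    -RoleDefinitionName 'Virtual Machine User Login' -Scope $vm.Id | Out-Null

"AAD login enabled on $vmName (extension $($latest.Version)); $user granted user login."
```

Hand out Virtual Machine Administrator Login only to the people who really need local admin on the box; everybody else gets Virtual Machine User Login. The documentation linked above also covers enforcing MFA for these sign-ins through Conditional Access.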

One caveat worth mentioning: if your subscription is an MSDN (Visual Studio) one, you may have to wait. At the time of writing, the AAD sign-in option is only shown in the portal's VM creation flow for Enterprise Agreement (EA) subscriptions.

Posted in Identity & Access Control.
