TL;DR

• Utilize user-assigned or system-assigned managed identities where this supports your use case.
• Use Workload Identity Federation managed identities for authentication where possible.

Jump to recipe

TL;DR

Terraform supports using Entra ID authentication to Azure Storage Accounts, and you can easily enable it.

TL;DR

List Azure role assignments and custom role definitions recursively with PowerShell and Azure CLI.

TL;DR: You can configure individual RBAC on keys, secrets, and certificates in Azure Key Vault with RBAC enabled.

The Azure Automation authentication via System Assigned Managed Identity is now in public preview!

If you’re like me when granting permissions, you want to do it according to least privilege. This is not always possible, but in Azure you have complete control over access given to custom RBAC roles.