If you use Azure to run Linux virtual machines, you can now use your Azure AD (aka corporate) credentials to log on to your Linux session (in preview).
Enabling this feature also lets you require MFA and control access through RBAC roles.
The following Linux distributions are supported for this capability:
- CentOS 6.9 or 7.4
- RedHat Enterprise 7.x
- Ubuntu Server 14.04, 16.04 or 17.10
Enable the feature during the VM creation
You can enable this feature when you create a new Linux virtual machine by turning on the Logon with Azure Active Directory option, available at the first step (Basics) of virtual machine creation.
NOTE: you still have to define a local account during the creation process.
Alternatively, if you create the VM with an Azure CLI script, you can use Azure CLI to install the Azure AD Login VM extension (see below for the command).
Enable the feature for existing VMs
If you already have Linux virtual machines deployed, you can enable this feature by using Azure CLI (you need at least version 2.0.31) to install the Azure AD Login VM extension:
az vm extension set \
--publisher Microsoft.Azure.ActiveDirectory.LinuxSSH \
--name AADLoginForLinux \
--resource-group <your resource group name> \
--vm-name <your Linux VM name>
Login with Azure AD to your Linux session
Before continuing, you must first get the IP address of your VM.
Using either Azure CLI or Azure Cloud Shell, run the following command:
ssh -l <your corporate account> <IP address of your Linux VM>
Using a Bash shell, run the following command:
~$ ssh -l <your corporate account> <IP address of your Linux VM>
You will then get the following message asking you to open https://microsoft.com/devicelogin and enter the authentication code provided:
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code <authentication code> to authenticate. Press ENTER when ready.
After you enter the authentication code, the system will show that you are trying to log on to a Linux VM using your corporate account.
Then you can pick the account you want to use for logon.
NOTE: if you try to log on with a different UPN than the one provided in the Azure CLI command, the login will fail.
Once the logon has been successful, you can close the browser window.
If you use Azure CLI, go back to the command prompt and hit Enter; you can now work in your Linux session with your corporate account.
To be able to log on to the VM using SSH, you must be granted the Virtual Machine Administrator Login or Virtual Machine User Login role.
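The role requirement above, as an added example that is not part of the original post: a small shell helper that assigns one of the two login roles to a single user, scoped to a single VM instead of the whole resource group or subscription. The function names, the DRY_RUN variable, and the UPN, subscription ID, resource group and VM name are constructed placeholders; Virtual Machine User Login gives a regular user session, Virtual Machine Administrator Login gives administrator (sudo) rights, so "user" is the lower-privilege choice.

```sh
#!/bin/sh
# Added example (not from the original post): grant the RBAC role that Azure AD
# SSH login requires, scoped to one VM. All names below are constructed.

: "${DRY_RUN:=1}"   # assumption: default to printing the command, not running it

# ARM resource ID of the VM, used as the narrowest possible assignment scope.
vm_scope() {  # args: subscription-id resource-group vm-name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/virtualMachines/%s' \
    "$1" "$2" "$3"
}

# Map an access level to one of the two role names the page lists.
login_role() {  # args: user|admin
  case "$1" in
    user)  printf 'Virtual Machine User Login' ;;
    admin) printf 'Virtual Machine Administrator Login' ;;
    *)     echo "unknown access level: $1 (expected user or admin)" >&2; return 1 ;;
  esac
}

# Assign the role to one UPN on one VM.
grant_vm_login() {  # args: upn level subscription-id resource-group vm-name
  case "$1" in
    *@*.*) ;;
    *) echo "not a UPN: $1" >&2; return 1 ;;
  esac
  role=$(login_role "$2") || return 1
  scope=$(vm_scope "$3" "$4" "$5")
  if [ "$DRY_RUN" = 1 ]; then
    printf 'az role assignment create --assignee "%s" --role "%s" --scope "%s"\n' \
      "$1" "$role" "$scope"
  else
    az role assignment create --assignee "$1" --role "$role" --scope "$scope"
  fi
}

# Constructed sample values; replace with your own before setting DRY_RUN=0.
grant_vm_login alice@contoso.example user \
  00000000-0000-0000-0000-000000000000 demo-rg demo-linux-vm
```

Review the printed command first, then rerun with DRY_RUN=0 from a session already signed in with az login.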