Azure Automation support for User Assigned Managed Identities is now in public preview
Date de publication : 16 juillet, 2021
Azure Automation now supports User Assigned Managed Identities for cloud jobs in Azure public, Government, and China cloud.
Managed identities eliminate the management overhead associated with managing RunAs Account in your runbook code. A user-assigned identity is a standalone Azure resource that can be assigned to your Automation account. An Automation account can have multiple user-assigned identities.
User-assigned managed identities are more efficient in a broader range of scenarios than system-assigned managed identities.
- User-assigned identities can be used by multiple Automation accounts , thereby reducing the administrative overhead of managing individual system assigned identity associated with each Automation account.
- The lifecycle of user assigned identities is decoupled from the Automation accounts' lifecycle with which they’re associated. This allows you to separate your Automation account creation and identity administration responsibilities. User-assigned identities and their role assignments can be configured in advance of the Automation account creation that require them. Users who create the Automation account only require the access to assign a user-assigned identity, without the need to create new identities or role assignments.
- Azure imposes a limit of 2,000 role assignments per Azure subscription. If you have a lot of Azure resources, each with their own individual system-assigned identity and granular role assignments, you can quickly run into this role assignment limit. In such a scenario you can provision user-assigned managed identities and share them amongst various resources. This can reduce administration costs since you'll have fewer service principals to manage. You can read more about choosing system or user assigned managed identities here.
Learn more about Automation Managed Identities support, Enable user assigned identities, and Disable user assigned identities.
Visit UserVoice: To vote for existing requests or create a new request.
Go to MicrosoftQ&A: To ask technical questions or roadmap related queries.