Profile Applicability:

  • Level 1

Description:
 A System Assigned Managed Identity gives an Azure resource, such as an Azure Cache for Redis instance, a unique identity in Microsoft Entra ID that Azure creates and manages automatically. The identity is tied to the lifecycle of the resource instance: it is created when the identity is enabled and deleted together with the resource. The cache uses this identity for its own outbound access to other Azure resources, for example a storage account used for data persistence or import/export.

Rationale:
 Using a System Assigned Managed Identity removes the need to store credentials (keys, connection strings, passwords) in code or configuration files. The identity authenticates to Microsoft Entra ID, and what it can reach is governed entirely by Azure Role-Based Access Control (RBAC) role assignments, so access can be granted with least privilege, audited, and revoked centrally without rotating any secret.

Impact:

  • Pros:

    • Improves security by eliminating the need for storing credentials in application code.

    • Facilitates secure access to Azure resources using Azure RBAC.

    • Automatically managed by Azure, reducing administrative overhead.

  • Cons:

    • Enabling the identity grants no access by itself; the required RBAC role assignments still have to be created, and some target services need additional configuration before the identity can be used.

    • The identity's principal ID changes if it is disabled and re-enabled, so role assignments tied to the old principal are orphaned and must be recreated.

Default Value:

By default, the System Assigned Managed Identity is disabled.

Pre-requisites:
 A system-assigned identity has no access until Azure RBAC role assignments are granted to it. Ensure that the roles the cache needs on its target resources (for example, a data role on a storage account used for persistence) are assigned after the identity is enabled.

Remediation:

Test Plan:

Using Azure Portal:

  1. Log in to the Azure Portal: https://portal.azure.com.

  2. Go to Azure Cache for Redis or the relevant Azure resource.

  3. Click on the name of the instance.

  4. Under Settings, click on Identity.

  5. Under the System assigned tab, check the Status toggle.

    • If Status is On and the Object (principal) ID is populated, the resource is compliant.

Using Azure CLI:

  1. Run the following command to check the managed identity status:

az redis show --resource-group <RESOURCE_GROUP_NAME> --name <CACHE_NAME> --query identity

  • The output should show "type": "SystemAssigned" (or "SystemAssigned, UserAssigned") together with a populated principalId and tenantId. If the output is null, or type is "UserAssigned" only, the system-assigned identity is not enabled.

Implementation Plan:

Using Azure Portal:

  1. Navigate to Azure Cache for Redis or the relevant Azure resource.

  2. Select the instance, then go to Identity under Settings.

  3. Under the System Assigned tab, toggle the Status to On.

  4. Click Save and confirm by clicking Yes in the dialog that appears.

Using Azure CLI:
 To enable the System Assigned Managed Identity, run the following:

az redis update --resource-group <RESOURCE_GROUP_NAME> --name <CACHE_NAME> --set identity.type=SystemAssigned

  • If the cache already has a user-assigned identity, set identity.type="SystemAssigned, UserAssigned" instead; setting the type to SystemAssigned alone removes the user-assigned identity from the cache.
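The check and the remediation above cover one cache at a time. The following script, an added example and not part of this benchmark, applies the same two Azure CLI calls across every cache the logged-in account can see: it reads identity.type with az redis show, classifies it, and (when asked) enables the system-assigned identity with az redis update --set identity.type=..., choosing "SystemAssigned, UserAssigned" where a user-assigned identity is already present so it is not dropped. It assumes az is installed and logged in and that the caller has read, and for remediation write, permission on the caches; the resource names it handles come from az redis list.

```shell
#!/bin/sh
# Added example (not part of the benchmark text): audit every Azure Cache for
# Redis instance visible to the current 'az' login for a system-assigned
# managed identity, optionally remediating with the same
# 'az redis update --set identity.type=...' call the Implementation Plan uses.
# Assumptions: 'az' is installed and logged in; the caller can read (and, for
# remediation, write) the caches. Usage: sh redis-mi.sh audit|remediate

# classify_identity TYPE: map the value of identity.type to a verdict.
# TYPE is what 'az redis show --query identity.type -o tsv' prints: empty
# (no identity block), None, SystemAssigned, UserAssigned, or
# "SystemAssigned, UserAssigned". Only a type containing SystemAssigned passes.
classify_identity() {
  case "$1" in
    *SystemAssigned*) echo "compliant" ;;
    ""|None|null)     echo "non-compliant: system-assigned identity disabled" ;;
    *)                echo "non-compliant: only user-assigned identity ($1)" ;;
  esac
}

# target_identity_type CURRENT: the identity.type value that adds a
# system-assigned identity without removing existing user-assigned ones.
target_identity_type() {
  case "$1" in
    *UserAssigned*) echo "SystemAssigned, UserAssigned" ;;
    *)              echo "SystemAssigned" ;;
  esac
}

# check_cache RG NAME: print the verdict for one cache; return 0 if compliant.
check_cache() {
  rg=$1; name=$2
  type=$(az redis show --resource-group "$rg" --name "$name" \
           --query identity.type -o tsv 2>/dev/null) || type=""
  verdict=$(classify_identity "$type")
  printf '%s/%s: %s\n' "$rg" "$name" "$verdict"
  [ "$verdict" = "compliant" ]
}

# remediate_cache RG NAME: enable the system-assigned identity, preserving any
# user-assigned identity, and print the new principalId so role assignments
# can be created for it.
remediate_cache() {
  rg=$1; name=$2
  current=$(az redis show --resource-group "$rg" --name "$name" \
              --query identity.type -o tsv 2>/dev/null) || current=""
  az redis update --resource-group "$rg" --name "$name" \
     --set "identity.type=$(target_identity_type "$current")" \
     --query identity.principalId -o tsv
}

# audit [remediate]: walk every cache in the current subscription.
audit() {
  az redis list --query "[].[resourceGroup,name]" -o tsv |
  while IFS=$(printf '\t') read -r rg name; do
    if ! check_cache "$rg" "$name" && [ "${1:-}" = "remediate" ]; then
      remediate_cache "$rg" "$name"
    fi
  done
}

case "${1:-}" in
  audit)     audit ;;
  remediate) audit remediate ;;
esac
```

Run it with audit first and review the non-compliant list; remediate only prints the new principal ID, so the RBAC role assignments each cache needs still have to be granted to that principal afterwards.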


Backout Plan:

Using Azure Portal:

  1. Go to the Azure Cache for Redis service.

  2. Click on Identity under Settings.

  3. Under the System Assigned tab, set the Status to Off.

Using Azure CLI:

  1. To disable the System Assigned Managed Identity, run the following:

az redis update --resource-group <RESOURCE_GROUP_NAME> --name <CACHE_NAME> --set identity.type=None

  • Disabling the identity deletes its principal from Microsoft Entra ID; RBAC role assignments granted to it are left orphaned and should be removed, and re-enabling later creates a new principal ID. Setting identity.type=None also removes any user-assigned identity from the cache; to keep one, set identity.type=UserAssigned instead.


References: