During the Azure Arc node onboarding, you will also get a system-assigned managed identity for that server. This opens up many more use cases for us and we can delegate different permissions for our resources, for example, Azure Key Vault etc.
I recommend reading Authenticate against Azure resources with Azure Arc-enabled servers article.
You can install the Az.ManagedServiceIdentity PowerShell module directly from the PowerShell Gallery.
Install-Module -Name Az.ManagedServiceIdentity -Force -Verbose
Run the following command to print out all the command lets in Az.ManagedServiceIdentity PowerShell module
- Get-Command -Module Az.ManagedServiceIdentity
Get-AzFederatedIdentityCredentials Get-AzSystemAssignedIdentity Get-AzUserAssignedIdentity Get-AzUserAssignedIdentityAssociatedResource New-AzFederatedIdentityCredentials New-AzUserAssignedIdentity Remove-AzFederatedIdentityCredentials Remove-AzUserAssignedIdentity Update-AzFederatedIdentityCredentials Update-AzUserAssignedIdentity
Gets the systemAssignedIdentity available under the specified RP scope.
Get-AzSystemAssignedIdentity -Scope "/subscriptions/XXXXXX/resourceGroups/RG-PROD-IT-ARC/providers/Microsoft.HybridCompute/machines/ADFS01"
Get-AzSystemAssignedIdentity lists the following information
I also made one Excel spreadsheet that lists all the commands. You can download this from my GitHub repository.
Learn the Az.ManagedServiceIdentity PowerShell module commands and pump up your Azure Arc toolbox.
Let me know if you need help with Azure Arc implementation.