Managed Identity in Azure Data Factory

Questions and Answers

What is the main purpose of managed identities in Azure Data Factory?

• Monitor network traffic
• Create Azure resources
• Eliminate the need to manage credentials (correct)
• Install software updates

Which type of managed identity is generated automatically for a service instance?

• System-assigned managed identity (correct)
• Shared managed identity
• User-assigned managed identity
• Custom managed identity

How can you explicitly generate a system-assigned managed identity for a service instance in Azure Data Factory?

• Change the region setting
• Update it with identity initiator programmatically (correct)
• Restart the service instance
• Reinstall the service instance

Which type of API call can be used to generate a system-assigned managed identity using REST API in Azure Data Factory?

/updateIdentity (B)

What benefit does a managed identity provide when accessing resources like Azure Key Vault in Azure Data Factory?

Securely store credentials (A)

What type of tokens does a service use when utilizing a managed identity to access resources?

Microsoft Entra tokens (C)

How can you generate a system-assigned managed identity using SDK in Azure Data Factory?

Call the create_or_update function with Identity=new FactoryIdentity() (A)

Where can you find the managed identity information related to Azure Data Factory within the Azure portal?

In the Data Factory properties section (B)

What is one way to grant permissions to a system-assigned managed identity?

Following the steps to assign Azure roles (C)

How can you retrieve a system-assigned managed identity programmatically?

By making a REST API call with specific parameters (D)

What is required in order to use a user-assigned managed identity in Microsoft EnteraID?

Creation of custom credentials for the unique managed identity (D)

Where can you find further information on managed identities in Azure Data Factory?

By reading Managed Identities for Azure Resources Overview (A)

Study Notes

Managed Identity in Azure Data Factory

• Managed identities eliminate the need to manage credentials and provide an identity for the service instance when connecting to resources that support Microsoft Entra authentication.
• Managed identities allow access to resources like Azure Key Vault and storage accounts, where data admins can securely store credentials.

Types of Managed Identities

• There are two types of supported managed identities: system-assigned and user-assigned.
• System-assigned managed identity is generated automatically when requested, and user-assigned managed identity is created, deleted, and managed in Microsoft Entra ID.

Generating System-Assigned Managed Identity

• System-assigned managed identity can be generated using PowerShell, REST API, or SDK.
• The "identity" section is populated accordingly after generating a system-assigned managed identity.
• Example code for generating system-assigned managed identity using .NET: FactoryIdentity().

Retrieving System-Assigned Managed Identity

• Managed identity information can be found in the Azure portal -> your data factory -> Properties.
• The managed identity principal ID and tenant ID will be returned when getting a specific service instance using PowerShell or REST API.
• The PrincipalId can be used to grant access, and the application ID can be obtained by copying the principal ID and running a Microsoft Entra ID command.

Description

Learn about managed identity in Azure Data Factory (formerly known as Managed Service Identity/MSI) and how it works, eliminating the need to manage credentials. This article explains how managed identities provide an identity for the service instance when connecting to resources supporting Microsoft Entra authentication.