Open bbakermmc opened 5 years ago
You should be able to do this for the function app, we use MI on function apps to access our Managed SQL instance.
Then you can also give the role assignments :), then hopefully no more service principal, and it's all auto deployed.
At this time, I can't implement the service using Managed Identity because Azure DNS doesn't support it yet. It supports only Service Principal authentication.
I will post regular updates, and I will implement this when Azure DNS MI support is available.
UPDATE: Azure DNS still doesn't support Managed Identities.
This is the list of services that support MIs: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities
Have you tried using a managed identity instead of a service provider account? This way we don't need to have an extra account: the MI is seen as a user in AAD, so we can give it the permissions it needs, but we don't need to manage a password etc., and if we remove the function app the user account is also auto removed, so no lingering service accounts that could get compromised.