If you use Azure to run Linux virtual machines, you can now use your Azure AD (aka corporate) credentials to log on to your Linux session (in preview).

Enabling this feature also lets you require MFA or use RBAC roles.

The following Linux distributions are supported for this capability:

  • CentOS 6.9 or 7.4
  • RedHat Enterprise 7.x
  • Ubuntu Server 14.04, 16.04 or 17.10

 

Enable the feature during the VM creation

You can enable this feature when you create a new Linux virtual machine by turning on the Logon with Azure Active Directory option, available at the first step (Basics) of virtual machine creation.

NOTE: You still have to define a local account during the creation process.

Alternatively, if you create the VM with an Azure CLI script, you can use Azure CLI to install the Azure AD Login VM extension (see below for the command).

 

Enable the feature for existing VM’s

If you already have Linux virtual machines deployed, you can enable this feature by using Azure CLI (you need at least version 2.0.31) to install the Azure AD Login VM extension:

az vm extension set \
    --publisher Microsoft.Azure.ActiveDirectory.LinuxSSH \
    --name AADLoginForLinux \
    --resource-group <your resource group name> \
    --vm-name <your Linux VM name>

 

Login with Azure AD to your Linux session

Before continuing, you must first get the IP address of your VM.

Using either Azure CLI or Azure Cloud Shell, run the following command:

ssh -l <your corporate account> <IP address of your Linux VM>

Using a Bash shell, run the following command:

~$ ssh -l <your corporate account> <IP address of your Linux VM>

You will then get the following message asking you to log on to https://microsoft.com/devicelogin and enter the authentication code provided:

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code <authentication code> to authenticate. Press ENTER when ready.

After you enter the authentication code, the system will show that you are trying to log on to a Linux VM using your corporate account.

Then you can pick the account you want to use for logon.

NOTE: If you try to log on with a different UPN than the one provided in the Azure CLI command, the login will fail.

Once the logon has succeeded, you can close the browser window.

If you use Azure CLI, go back to the command prompt and press Enter; you can now work in your Linux session with your corporate account.

Additional Information

To be able to log on to the VM using SSH, you must be granted the Virtual Machine Administrator Login or Virtual Machine User Login role.
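One way to grant either role to a single user on a single VM with Azure CLI, as an added example that is not part of the original post. The function names and the DRY_RUN switch are hypothetical helpers, and the resource group, VM name and UPN are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original post): grant one user SSH logon rights
# on one VM. All argument values are placeholders supplied by the caller.

# Map an access level to the built-in role name given in the post.
# "admin" logs on with root privileges, "user" as a regular user.
vm_login_role() {
  case "$1" in
    admin) echo "Virtual Machine Administrator Login" ;;
    user)  echo "Virtual Machine User Login" ;;
    *)     echo "level must be 'admin' or 'user'" >&2; return 2 ;;
  esac
}

# grant_vm_login <resource-group> <vm-name> <user-upn> <admin|user>
# With DRY_RUN=1 nothing is sent to Azure; the command is printed instead.
grant_vm_login() {
  gvl_role=$(vm_login_role "$4") || return 2
  if [ "${DRY_RUN:-0}" = "1" ]; then
    # Resource ID layout of a VM, with a placeholder subscription ID.
    gvl_scope="/subscriptions/<subscription-id>/resourceGroups/$1/providers/Microsoft.Compute/virtualMachines/$2"
    printf '%s\n' "az role assignment create --role \"$gvl_role\" --assignee \"$3\" --scope \"$gvl_scope\""
    return 0
  fi
  # Scope the assignment to this VM only, not the resource group or
  # subscription, so the role does not allow logon to other machines.
  gvl_scope=$(az vm show --resource-group "$1" --name "$2" --query id --output tsv) || return 1
  az role assignment create --role "$gvl_role" --assignee "$3" --scope "$gvl_scope"
}

# list_vm_logins <resource-group> <vm-name>
# Review the role assignments that apply at the VM's scope.
list_vm_logins() {
  lvl_scope=$(az vm show --resource-group "$1" --name "$2" --query id --output tsv) || return 1
  az role assignment list --scope "$lvl_scope" --output table
}
```

Source the file, then run for example `DRY_RUN=1 grant_vm_login <resource group> <VM name> <UPN> user` to preview the command before applying it.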