What Is the Difference Between Managed Identities and Service Principals for Securing Code?
Prepare for the AZ-500 exam by learning how Managed Identities eliminate the need for credentials in code. Understand the key differences between Managed Identities and standard Service Principals for secure Azure AD authentication.
Question
Which of the following identities eliminate the need for credentials in code?
A. Managed Identities
B. Service Principals
C. Managed Identities and Service Principals
D. None of the above.
Answer
A. Managed Identities
Explanation
Managed Identities eliminate the need to manage credentials. Managed identities are service principals of a special type that are associated with specific Azure resources.
The statement is correct because Managed Identities for Azure resources is a feature of Azure Active Directory specifically designed to solve the problem of managing credentials in code. It provides an Azure service (like a VM, App Service, or Azure Function) with an automatically managed identity in Azure AD. This allows the resource to authenticate to other Azure services that support Azure AD authentication (e.g., Key Vault, Storage, SQL Database) without developers needing to store any secrets, passwords, or certificates in their code or configuration files.
Managed Identities
When you enable a managed identity on an Azure resource, Azure creates a special type of service principal for it. The code running on that resource can then request an access token from a local, non-routable metadata endpoint. Azure handles the entire credential lifecycle, including creation, automatic rotation, and deletion, completely abstracting it away from the developer. This eliminates the risk of credentials being leaked from source code, configuration files, or environment variables.
Service Principals
A service principal is the broader term for an application’s identity in Azure AD. While a managed identity is a type of service principal, the term “Service Principals” in this context refers to the standard application registration model. With a standard service principal, the developer is responsible for creating and managing a credential for it, either a client secret (a password) or a certificate. These credentials must be securely stored (ideally in Azure Key Vault) and retrieved by the application to authenticate, meaning credentials still exist and must be managed.
Therefore, Managed Identities are the specific feature that completely eliminates the need for developers to handle credentials in their code.
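To make the difference concrete, the following added example (not from the original page or from Microsoft's SDKs) builds the two token requests the explanation describes and checks which one has to carry a credential. The managed identity path is a GET to the link-local Instance Metadata Service (IMDS) endpoint with the mandatory "Metadata: true" header; the standard service principal path is an OAuth 2.0 client-credentials POST to the Microsoft identity platform that must include the client secret. Nothing here contacts Azure: the requests are only constructed, and the token response is a constructed sample in the shape IMDS returns, so the code runs offline. The tenant, client ID and secret values are placeholders.

```python
"""Managed identity (IMDS) vs. service principal (client credentials) token requests.

Added example: builds both requests and parses a constructed IMDS-style
response. It never sends anything over the network.
"""
import json
from urllib.parse import parse_qs, urlencode, urlparse

# Azure Instance Metadata Service token endpoint: link-local (169.254.0.0/16),
# so it is reachable only from code running on the Azure resource itself.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"


def build_managed_identity_request(resource: str) -> dict:
    """Token request for a managed identity.

    No secret appears anywhere: the platform knows which resource is calling,
    and Azure manages the underlying credential and its rotation.
    """
    query = urlencode({"api-version": IMDS_API_VERSION, "resource": resource})
    return {
        "method": "GET",
        "url": f"{IMDS_TOKEN_URL}?{query}",
        # IMDS rejects requests that lack this header; it blocks naive
        # request forwarding from reaching the endpoint.
        "headers": {"Metadata": "true"},
        "body": None,
    }


def build_service_principal_request(tenant_id: str, client_id: str,
                                    client_secret: str, scope: str) -> dict:
    """OAuth 2.0 client-credentials request for a standard service principal.

    The application must hold client_secret at run time, which is exactly the
    credential the developer has to store, retrieve and rotate.
    """
    return {
        "method": "POST",
        "url": f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
            "scope": scope,
        }),
    }


def carries_credential(request: dict) -> bool:
    """True if the request transports a secret the application had to hold
    (a client secret, or a certificate-based client assertion)."""
    if not request["body"]:
        return False
    fields = parse_qs(request["body"])
    return "client_secret" in fields or "client_assertion" in fields


def is_local_metadata_request(request: dict) -> bool:
    """True if the request targets the non-routable IMDS endpoint with the
    required Metadata header, i.e. it can only succeed from inside the VM."""
    host = urlparse(request["url"]).hostname
    return host == "169.254.169.254" and request["headers"].get("Metadata") == "true"


def parse_token_response(raw: bytes) -> dict:
    """Pull out the fields a caller needs from a token response body."""
    data = json.loads(raw)
    return {
        "access_token": data["access_token"],
        "expires_on": int(data["expires_on"]),  # IMDS returns this as a string
        "resource": data.get("resource"),
    }


# Constructed sample in the shape of an IMDS response; the values are fake.
SAMPLE_IMDS_RESPONSE = json.dumps({
    "access_token": "eyJ0eXAiOiJKV1Qi.fake.sample",
    "expires_on": "1700003600",
    "resource": "https://vault.azure.net",
    "token_type": "Bearer",
}).encode()


if __name__ == "__main__":
    mi = build_managed_identity_request("https://vault.azure.net")
    sp = build_service_principal_request(
        "<tenant-id>", "<client-id>", "<client-secret>",
        "https://vault.azure.net/.default")
    print("managed identity request carries a credential:", carries_credential(mi))
    print("service principal request carries a credential:", carries_credential(sp))
    print("managed identity request is local-only:", is_local_metadata_request(mi))
    print(parse_token_response(SAMPLE_IMDS_RESPONSE))
```

The point the checks make visible: the managed identity request contains nothing worth leaking (no secret in code, config, or environment variables, and the endpoint is unreachable from outside the resource), while the service principal request cannot be built at all without the client secret being present in the process.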
Microsoft AZ-500 certification exam assessment practice question and answer (Q&A) dump, including multiple choice questions (MCQ) and objective type questions, with detailed explanations and references, available free and helpful for passing the Microsoft AZ-500 exam and earning the Microsoft AZ-500 certification.