Managed identities
A common challenge for developers is the management of secrets and credentials to secure communication between different services. On Azure, managed identities eliminate the need for developers having to manage credentials by providing an identity for the Azure resource in Azure AD and using it to obtain Azure Active Directory (Azure AD) tokens.
Note
Managed identities are only available for Media Services accounts created using the v3 API. If you are using the v2 API and would like to use managed identities, please migrate from v2 to v3 Migrate from Media Services v2 to v3 introduction.
Media Services Managed Identity scenarios
There are three scenarios where Managed Identities can be used with Media Services:
- Granting a Media Services account access to Key Vault to enable Customer Managed Keys
- Granting a Media Services account access to storage accounts to allow Media Services to bypass Azure Storage Network ACLs
- Allowing other services (for example, VMs or Azure Functions) to access Media Services
In the first two scenarios, the Managed Identity is used to grant the Media Services account access to other services. In the third scenario, the service has a Managed Identity which is used to access Media Services.
For the first scenario, the Managed Identity of the Media Services account must have the Storage Blob Contributor
role for the storage account.
Note
These scenarios can be combined. You could create Managed Identities for both the Media Services account (for example, to access customer-managed keys) and the Azure Functions resource to access to Media Services account.
Tutorials and How-tos
Try these tutorials to get some hands-on experience with using a Managed Identity with Media Services.
- CLI: Encrypt data into a Media Services account using a key in Key Vault
- CLI: Allow Media Services to access a storage account that is configured to block requests from unknown IP addresses
- CLI: Give a Function App access to Media Services account
- PORTAL: Use the Azure portal to use customer-managed keys or BYOK with Media Services
Further reading
To learn more about what managed identities can do for you and your Azure applications, see Azure AD Managed Identities.
To learn more about Azure Functions, see About Azure Functions