Assigning UAMI for multiple resources

1. Assigning UAMI for multiple resources

In this video, we'll see how to securely access a Storage Account using User Assigned Managed Identity, or UAMI. Let’s begin with a simple scenario. You have some data stored in a Storage Account, and both Azure Data Factory and a Logic App need to access it. Now, one option is to use System Assigned Managed Identity for each service. But that means managing permissions separately for every identity. A more efficient solution is to use a User Assigned Managed Identity. It’s reusable and simplifies access when multiple services need the same set of permissions. So, Let’s deploy a User Assigned Managed Identity. This identity is created independently and can be linked to any resource that needs it. Once deployed, it shows two key sections: Associated resources: this lists the services currently using this identity And Azure role assignments: this shows what access the identity has across different Azure resources At the moment, both sections are empty. Let’s assign this identity to our services. Starting with Azure Data Factory, open Identities and attach the identity under the User Assigned tab. We follow the same steps for Logic App as well. Now, if we head back to the identity and open Associated resources, we’ll see both services listed. This confirms that the connection is in place. Next, we’ll provide this identity access to the Storage Account. Under Access Control, we assign the Reader role. As members, we configure the User Assigned Managed Identity we just created, then review and assign. Once done, return to the identity and check Azure role assignments. You’ll see a new entry showing the granted role, its storage account scope, and that it’s linked to our identity. To wrap up, we created a reusable identity, assigned it to both ADF and Logic App, and gave it the right access to our Storage Account. And the best part? If we ever need another service to access the same data, we don’t have to redo everything. We can just tag this identity to it, and it’s ready to go.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.

This exercise is part of the course

Implement Azure Security for Developers

IntermediateSkill Level

4.9+

Start Course for Free

In this chapter, you’ll first get hands-on with Microsoft Entra ID to manage users, groups, and roles in a secure, centralized way. Then, you’ll build a solid foundation in identity management, exploring how authentication, authorization, and service principals work together to control access. Finally, you’ll learn to use Shared Access Signatures to grant limited, time-bound access to storage without exposing sensitive credentials.

Exercise 1: Getting started with Azure security Exercise 2: Microsoft Entra ID overview Exercise 3: Selecting the right security tool Exercise 4: Authentication and authorization in Entra ID Exercise 5: Creating users in Entra ID Exercise 6: Secure access Exercise 7: Authentication vs. authorization Exercise 8: Microsoft identity platform Exercise 9: Application object vs service principal Exercise 10: App-only access scenarios Exercise 11: Shared Access Signatures (SAS)Exercise 12: Choosing the right SAS Exercise 13: Creating a SAS token Exercise 14: Secure vs. insecure SAS practices

In this chapter, you'll build a strong foundation in securing app settings and sensitive data using Azure App Configuration and Key Vault. You’ll explore how to manage configurations, enable feature flags, and safeguard settings using encryption, private endpoints, and managed identities. Moving into Key Vault, you’ll learn how it stores secrets, keys, and certificates, and how to apply authentication and authorization best practices. Finally, you'll examine advanced protections like Soft Delete and Purge Protection to ensure your critical data remains safe and recoverable.

Exercise 1: Azure App configuration Exercise 2: Deploying App Configuration Exercise 3: Storing settings in App Configuration Exercise 4: Classify feature management components Exercise 5: Getting started with Key vault Exercise 6: Classifying keys, secrets, and certificates Exercise 7: Retrieve Key Vault secrets in Logic App Exercise 8: Managing secrets in Key Vault Exercise 9: Advanced Key vault settings Exercise 10: Choosing the right authorization model Exercise 11: Soft delete & purge protection

In this part of the course, you’ll begin with Azure Managed Identities, seeing how they let applications access resources securely without managing credentials. You’ll then move into Microsoft Graph, where you’ll explore its unified API and practice queries in Graph Explorer. Finally, you’ll advance to techniques like pagination and batching to handle data more efficiently and build scalable integrations.

Exercise 1: Secure access with managed identities Exercise 2: Managed identities: system vs user assigned Exercise 3: Assigning UAMI for multiple resources

Current Exercise

Exercise 4: Introduction to Microsoft Graph Exercise 5: Classifying HTTP methods Exercise 6: Exploring data with Graph explorer Exercise 7: Microsoft Graph explorer's quick tour Exercise 8: Advanced usage of Microsoft Graph Exercise 9: Client-side pagination with $top Exercise 10: Match responses to requests