Providing Students access to centrally provided Azure Resources when they do not have Azure Subscription credentials

  • Article

Using Azure Managed Service Identity (MSI) to provide students access to Azure Resources

To learn how to use managed identities to access different Azure resources, try these tutorials.

Learn how to use a managed identity with a Windows VM:

Learn how to use a managed identity with a Linux VM:

Learn how to use a managed identity with other Azure services:

Using MSI for providing student access to Azure ML Workspace from a dedicated Data Science Virtual Machines

Typically courses provide a fixed pool of resources for students to utilise.

Pooled Resources

Many academics are providing Azure Data Science VM (DSVM) for the class.

image

Using Managed Services Identity

When you create the VM with a MSI and give it permission to the resource group where you have the Azure ML Workspace. In this scenario any local user on the DSVM (students in the lab) can access the Azure ML Workspace without having a dedicated Azure subscription credentials.

The Students simply need to authenticate to the Virtual Machine (using local auth/AD/Shibboleth). 

Below is the sample code to do add Managed Service Identity to create or attach to a Azure ML Workspace with the change from usual highlighted.

image

Please note, MSI is a general Azure feature and not specific to DSVM as can be seen in the examples above so you can use MSI to provide students access to centrally provided resources..

Ref: /en-us/azure/active-directory/managed-identities-azure-resources/overview