Background

The Azure collection currently supports username/password and service principal authentication. These both require special configuration or maintenance and limit a managed app’s ability to maintain a seamless experience. If managed applications could request managed identities at deployment, then managed applications could automate against an Azure tenancy without the need for an AD account or service principal credential that expire and require manual management after deployment improving the overall experience.

This may not be something that is technically feasible unless the automation is actually running as a managed application.

Business Impact: Ensuring customers Azure resource management best practices, and ease the management and setup of credentials when automating against Azure resources.

Story

As an Ansible on Clouds customer I can write playbooks and configure tasks that can request managed identities from Azure so that automations against Azure resources can use it as a credential for automation delivery. This will allow me to use Azure's recommended approach for application security and remove the need to create numerous Service Principals that perform the same operation but in a less manageable way.