An administrator wants a script running on an Azure VM to create a resource in Azure without storing any passwords or client secrets on the VM. What should the administrator configure first?
Trap 1: A shared local account on the VM
A local account helps with operating system access, but it does not securely authenticate to Azure APIs.
Trap 2: An Azure Policy exemption
Policy exemptions affect governance rules, not authentication for scripts or Azure resource creation.
Trap 3: A public IP address on the VM
A public IP affects network reachability, but it does not replace Azure authentication credentials.
- A
A shared local account on the VM
Why wrong: A local account helps with operating system access, but it does not securely authenticate to Azure APIs.
- B
A system-assigned managed identity on the VM
A managed identity lets the VM authenticate to Azure directly, so the script can use Azure CLI or PowerShell without secrets.
- C
An Azure Policy exemption
Why wrong: Policy exemptions affect governance rules, not authentication for scripts or Azure resource creation.
- D
A public IP address on the VM
Why wrong: A public IP affects network reachability, but it does not replace Azure authentication credentials.