How can we improve Azure Batch?

Support Managed Service Identity

We made an application that uses Managed Service Identity.
It's an easy and friendly way to access an Azure Key Vault that contains some secrets.

Actually, Azure Batch does not support Managed Service Identity.
In this situation, we have to make another application between an MSI-enabled environment (Azure VM, Web Apps) and a disabled environment (Azure Batch).

We don't want to write secrets in the application package, environment variables, or clear-text configuration.
We strongly want Managed Service Identity in Azure Batch.

171 votes
Sunao Tomita shared this idea

6 comments

  • Sean commented

    Can we please get an update on this? This is a standard feature of "regular" Azure Virtual Machines that you can configure with a single command line flag or config file option. We really, really don't want to have to store service principal credentials on our VMs if we can avoid it.

  • Manh Vo commented

    We have a similar problem as well. Batch Nodes are actually VM Scale Sets so it should support MSI natively.

  • Hector Rivas commented

    MSI worked great locally, but we package our apps and trigger them from ADF, and they just fail to run. A service principal seems to be the only route.

  • Omi Takekazu commented

    I really want MSI support. MSI makes it easy to use AD authentication and easily creates secure applications.

    It is not secure for applications to store secrets in environment variables or application configuration files. If we can use MSI, it's easy to access the secret in KeyVault.

    MSI is a great Azure feature. You should support MSI with Azure Batch.
