How can we improve the Azure Resource Manager?

Sign instance metadata services

Current instance metadata services respond to an unauthenticated API call with an unsigned JSON reply.
As an ISV I need to be sure that my software is running against a known customer - and I can correlate their subscription ID available from instance metadata against our customer list.

Currently it is possible to spoof the JSON response to an instance metadata query quite easily, and there is no way I can ensure that the response is genuine.

AWS provides a signed metadata document which contains the full metadata for the instance in a signed JSON document - this can be checked against publicly accessible certificates to ensure authenticity of metadata.

Azure should provide a similar level of protection for Azure instance metadata.

1 vote
Mark Blackburn shared this idea
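The check the idea asks for, sketched as an added example (not part of the original post, and not Azure or AWS code): the subscription ID is trusted only after a signature over the raw metadata bytes verifies. It assumes a detached RSA PKCS#1 v1.5 / SHA-256 signature and a `subscriptionId` field; the locally generated key stands in for a provider's published certificate, and all values are constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// VerifiedSubscription returns the subscription ID only when sig is a valid
// RSA PKCS#1 v1.5 / SHA-256 signature over the exact bytes of doc.
func VerifiedSubscription(pub *rsa.PublicKey, doc, sig []byte) (string, error) {
	digest := sha256.Sum256(doc)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return "", fmt.Errorf("metadata signature invalid: %w", err)
	}
	// Parse only after verification so unauthenticated bytes never drive logic.
	var md struct {
		SubscriptionID string `json:"subscriptionId"` // assumed field name
	}
	if err := json.Unmarshal(doc, &md); err != nil {
		return "", err
	}
	return md.SubscriptionID, nil
}

// Demo signs a constructed document with a locally generated key (standing in
// for the provider's key), then checks the genuine bytes and an altered copy.
func Demo() (genuineOK, alteredOK bool) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	customers := map[string]bool{"00000000-0000-0000-0000-00000000c0de": true} // constructed
	doc := []byte(`{"subscriptionId":"00000000-0000-0000-0000-00000000c0de","vmId":"constructed-vm"}`)
	digest := sha256.Sum256(doc)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	altered := bytes.Replace(doc, []byte("constructed-vm"), []byte("other-vm"), 1)
	check := func(d []byte) bool {
		id, err := VerifiedSubscription(&key.PublicKey, d, sig)
		return err == nil && customers[id]
	}
	return check(doc), check(altered)
}

func main() { fmt.Println(Demo()) }
```

The altered copy still names a known customer's subscription ID, which is exactly what an unsigned reply cannot rule out; here it is rejected because the signature no longer matches the bytes.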

1 comment
