
Search services uses a managed identity

Security · Cognitive Search · 2021_06

Configure managed identities to access Azure resources.

Description

Connections to Azure resources are required to use some features, including indexing and customer-managed keys. Cognitive Search can use managed identities to authenticate to Azure resources without storing credentials.

Using Azure managed identities has the following benefits:

  • You don't need to store or manage credentials. Azure automatically generates tokens and performs rotation.
  • You can use managed identities to authenticate to any Azure service that supports Azure AD authentication.
  • Managed identities can be used without any additional cost.

Recommendation

Consider configuring a managed identity for each Cognitive Search service. Also consider using managed identities to authenticate to related Azure services.

Examples

Configure with Azure template

To deploy Cognitive Search services that pass this rule:

  • Set the identity.type to SystemAssigned.

For example:

Azure Template snippet
{
    "apiVersion": "2020-08-01",
    "name": "[parameters('serviceName')]",
    "location": "[parameters('location')]",
    "type": "Microsoft.Search/searchServices",
    "identity": {
        "type": "SystemAssigned"
    },
    "sku": {
        "name": "[parameters('sku')]"
    },
    "properties": {
        "replicaCount": 3,
        "partitionCount": 1,
        "hostingMode": "default"
    },
    "tags": {},
    "dependsOn": []
}

Last update: 2022-10-17
