Search services uses a managed identity#
Security · Cognitive Search · Rule · 2021_06
Configure managed identities to access Azure resources.
Description#
Connections to Azure resources is required to use some features including indexing and customer managed-keys. Cognitive Search can use managed identities to authenticate to Azure resource without storing credentials.
Using Azure managed identities have the following benefits:
- You don't need to store or manage credentials. Azure automatically generates tokens and performs rotation.
- You can use managed identities to authenticate to any Azure service that supports Azure AD authentication.
- Managed identities can be used without any additional cost.
Recommendation#
Consider configuring a managed identity for each Cognitive Search service. Also consider using managed identities to authenticate to related Azure services.
Examples#
Configure with Azure template#
To deploy Cognitive Search services that pass this rule:
- Set the
identity.typetoSystemAssigned.
For example:
Azure Template snippet
{
"type": "Microsoft.Search/searchServices",
"apiVersion": "2022-09-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "standard"
},
"properties": {
"replicaCount": 3,
"partitionCount": 1,
"hostingMode": "default"
}
}
Configure with Bicep#
To deploy Cognitive Search services that pass this rule:
- Set the
identity.typetoSystemAssigned.
For example:
Azure Bicep snippet
resource search 'Microsoft.Search/searchServices@2022-09-01' = {
name: name
location: location
identity: {
type: 'SystemAssigned'
}
sku: {
name: 'standard'
}
properties: {
replicaCount: 3
partitionCount: 1
hostingMode: 'default'
}
}
Links#
- Use identity-based authentication
- What are managed identities for Azure resources?
- Connect a search service to other Azure resources using a managed identity
- Make indexer connections to Azure Storage as a trusted service
- Azure deployment reference
Last update:
2023-09-10