Azure Insights: Terraform error message; Active Directory capabilities; MFA Server to MFA; Key Vault

July 5 2021

Azure pros discuss Terraform error messages, Azure Active Directory capabilities, the migration from MFA Server to MFA, and storing secrets with Key Vault using Variable Groups.

Making sense of a Terraform error message

A contributor to the Learn IT and DevOps blog discussed the "You have not accepted the legal terms on this subscription" error that some users encounter with Terraform. Unfortunately, the fix is not a one-line change: users cannot simply add a small piece of code to resolve it. The contributor encountered the issue while preparing to deploy a Windows Server 2022 image.

To accept the terms, I need to first run the Terraform import command with the details of the image plan… After importing and accepting the agreement in the Terraform configuration code.

For this, users will need the Azure subscription ID.

Capabilities of Azure Active Directory

Vidya, writing on the WhizLabs blog, discussed the capabilities of Azure Active Directory. As Microsoft's primary Identity as a Service (IDaaS) offering, Azure AD supports single sign-on for Microsoft products like Office 365 as well as Concur, Salesforce, and ServiceNow. Leveraging REST APIs to pass data between apps, Azure AD offers a flat structure for a single tenant.

Vidya discussed Azure AD's role in providing unified identity for apps, improved security, access, and collaboration. Additionally, Vidya shared a comparison of Azure AD with Windows Active Directory.

If you are starting a brand new venture then it is probably smart to get the Azure Active Directory that can meet all your requirements. Both the systems are equally secure and easy to configure if you have a qualified expert to manage them, in the case of larger companies. For smaller businesses, both these directories will be comparatively easier to manage.

Moving from Azure MFA Server to Azure MFA

Microsoft MVP Sander Berkouwer, writing on The Things That Are Better Left Unspoken, discussed Microsoft's official guidance to migrate from Azure MFA Server to Azure MFA. Since July 2019, Microsoft has not offered MFA Server for new deployments. Confusingly, though, the company issued a new version of MFA Server last month.

With MFA Server, only phone numbers can be easily migrated. Currently, it supports PINs to a greater degree than Azure MFA. Users will need to keep in mind new strategies like uploading OATH-based hardware tokens to Azure MFA in a CSV file. He wrote:

It’s clear that 2021 and 2022 are the years in which your organization needs to move off MFA Server. Budgets should be made available to perform these projects. Communications should be started to prepare people in your organization for moving to more secure authentication methods.

Storing secrets in Key Vault with Variable Groups

Thomas Thornton explored how to store secrets in Key Vault when using Azure DevOps Pipelines. Leveraging variable groups, users are able to store secrets in DevOps, but this is less secure than Key Vault. Thornton created a variable group in DevOps, referenced the Azure subscription connection, and created a simple Bash command to log in and use the variables.

He ran the pipeline. A new task will appear and users will be able to see downloaded secrets ready to be used in the pipeline.
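
A sketch of such a pipeline, added here as an illustration and not taken from Thornton's post. The variable group name and the three secret names are hypothetical, and the group is assumed to be already linked to a Key Vault under Pipelines > Library.

```yaml
# Added example (not from the original post).
# Assumes a variable group "kv-pipeline-secrets" (hypothetical) linked to a
# Key Vault and exposing three hypothetical secrets:
#   sp-client-id, sp-client-secret, sp-tenant-id
trigger:
  - main

pool:
  vmImage: ubuntu-latest

variables:
  - group: kv-pipeline-secrets   # values are fetched from Key Vault at run time

steps:
  - bash: |
      set -euo pipefail
      # Secret variables are not exported to scripts automatically;
      # they reach this script only through the env: mapping below.
      az login --service-principal \
        --username "$SP_CLIENT_ID" \
        --password "$SP_CLIENT_SECRET" \
        --tenant "$SP_TENANT_ID" \
        --output none
      # Confirm the login without printing any secret value.
      az account show --query name --output tsv
    displayName: Log in with Key Vault-backed secrets
    env:
      SP_CLIENT_ID: $(sp-client-id)
      SP_CLIENT_SECRET: $(sp-client-secret)
      SP_TENANT_ID: $(sp-tenant-id)
```

Mapping each secret explicitly under `env:` keeps it scoped to the one step that needs it, and the values stay in Key Vault rather than in the pipeline definition.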

About MSCN Reporter
