Description
In the 'security section, 'Managed Identities' the method to retrieve the secret using a policy is out of date. You can use 'Named Values' of type 'Key Vault' now, so the exercise needs updating to reflect this approach.
Also, you're required to perform a role assignment on Key Vault to do this, which Contributor does not allow you to assign.
See this word doc
API Management - Labs - security suggestion .docx
Tasks
- Update 'managed Identity' exercise to show instructions based on using a Named Value of type 'Key Vault' instead of the policy method.
- If the participant is expected to do all this themselves then make it clear in the pre-reqs that the security labs require User Access Admin (and a Key Vault). ALTERNATIVELY if this is being done as part of a larger group, to avoid multiple KVs being created, recommend adding instructions to the pre-req that specify to 1) create a key Vault for all to share, 2) create a user-assigned managed identity and assign it the relevant permissions to Key Vault 3) in the Security / Managed Identity exercise, when enabling the Identity of the APiM service, use the previously created User-Assigned Managed Identity .
Description
In the 'security section, 'Managed Identities' the method to retrieve the secret using a policy is out of date. You can use 'Named Values' of type 'Key Vault' now, so the exercise needs updating to reflect this approach.
Also, you're required to perform a role assignment on Key Vault to do this, which Contributor does not allow you to assign.
See this word doc
API Management - Labs - security suggestion .docx
Tasks