Azure AD based SSH Login - Azure Arc

There are many security benefits of using Azure AD with SSH log in to Linux Arc Servers in Azure, including:

• Use your Azure AD credentials to log in to Linux Arc Servers.
• Get SSH certificate-based authentication without needing to distribute SSH keys to users or provision SSH public keys on any Linux Arc Servers you deploy. This experience is much simpler than having to worry about sprawl of stale SSH public keys that could cause unauthorized access.
• Reduce reliance on local administrator accounts, credential theft, and weak credentials.
• Password complexity and password lifetime policies configured for Azure AD help secure Linux Arc Servers as well.
• With Azure role-based access control, specify who can login to an Arc Server as a regular user or with administrator privileges. When users join or leave your team, you can update the Azure RBAC policy for the Arc Server to grant access as appropriate. When employees leave your organization and their user account is disabled or removed from Azure AD, they no longer have access to your resources.
• With Conditional Access, configure policies to require multi-factor authentication and/or require client device you are using to SSH be a managed device (for example: compliant device or hybrid Azure AD joined) before you can SSH to Linux Arc Server.
• Use Azure deploy and audit policies to require Azure AD login for Linux Arc Servers and to flag use of non-approved local accounts on the Arc Servers.