Use Entra ID authentication with Service Fabric clusters

Security · Service Fabric · Rule · 2021_03 · Critical

Use Entra ID client authentication for Service Fabric clusters.

Description

When deploying Service Fabric clusters on Azure, Entra ID (previously known as Azure AD) can optionally be used to secure management endpoints. If configured, client authentication (client-to-node security) uses Entra ID. Additionally, Azure Role-based Access Control (RBAC) can be used to delegate cluster access.

For Service Fabric clusters running on Azure, Entra ID is recommended to secure access to management endpoints.

Recommendation

Consider enabling Entra ID client authentication for Service Fabric clusters.
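
A pre-deployment check for this recommendation, added here as an example and not part of the original page: it walks an ARM template, including child resources and nested deployments, and lists the Service Fabric clusters whose `properties.azureActiveDirectory.tenantId` is missing or empty. It assumes a populated `tenantId` is what marks Entra ID client authentication as configured; the sample template, resource names and GUIDs are constructed placeholders.

```python
SF_TYPE = "microsoft.servicefabric/clusters"

# Constructed sample ARM template; GUIDs are placeholders, not real tenants or apps.
SAMPLE_TEMPLATE = {"resources": [
    {"type": "Microsoft.ServiceFabric/clusters", "name": "sf-with-entra",
     "properties": {"azureActiveDirectory": {
         "tenantId": "00000000-0000-0000-0000-000000000001",
         "clusterApplication": "00000000-0000-0000-0000-000000000002",
         "clientApplication": "00000000-0000-0000-0000-000000000003"}}},
    {"type": "Microsoft.ServiceFabric/clusters", "name": "sf-cert-only",
     "properties": {"certificate": {"thumbprint": "<placeholder>"}}},
    # Cluster declared inside a nested deployment, with an empty tenantId.
    {"type": "Microsoft.Resources/deployments", "name": "nested",
     "properties": {"template": {"resources": [
         {"type": "Microsoft.ServiceFabric/clusters", "name": "sf-empty-tenant",
          "properties": {"azureActiveDirectory": {"tenantId": ""}}}]}}},
]}


def iter_resources(node):
    """Yield every resource under node: top level, children, nested deployments."""
    items = node.get("resources") or []
    if isinstance(items, dict):  # symbolic-name templates use an object, not a list
        items = list(items.values())
    for res in items:
        yield res
        yield from iter_resources(res)  # child resources declared inline
        nested = (res.get("properties") or {}).get("template")
        if isinstance(nested, dict):
            yield from iter_resources(nested)


def clusters_without_entra_id(template):
    """Return names of Service Fabric clusters with no Entra ID tenant set."""
    failing = []
    for res in iter_resources(template):
        if str(res.get("type", "")).lower() != SF_TYPE:
            continue
        aad = (res.get("properties") or {}).get("azureActiveDirectory") or {}
        if not str(aad.get("tenantId") or "").strip():
            failing.append(res.get("name"))
    return failing


if __name__ == "__main__":
    print(clusters_without_entra_id(SAMPLE_TEMPLATE))
```

A `tenantId` given as a template expression (for example a parameter reference) counts as set here, so the parameter file still needs its own review.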

Notes

For Linux clusters, Entra ID authentication must be configured at cluster creation time. Windows clusters can be updated to support Entra ID authentication after initial deployment.