# Use Entra ID authentication with Service Fabric clusters
Security · Service Fabric · Rule · 2021_03 · Critical
Use Entra ID client authentication for Service Fabric clusters.
## Description
When deploying Service Fabric clusters on Azure, Entra ID (previously known as Azure AD) can optionally be used to secure the management endpoints. When it is configured, client authentication (client-to-node security) is performed against Entra ID instead of relying solely on client certificates. Additionally, Azure role-based access control (RBAC) can then be used to delegate cluster access to specific users and groups.
For Service Fabric clusters running on Azure, Entra ID is recommended to secure access to management endpoints.
## Recommendation
Consider enabling Entra ID client authentication for Service Fabric clusters.
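The following is an added example, not part of the original rule documentation, showing how a practitioner could check exported ARM template resources for this recommendation before deployment. It mirrors the shape of the `azureActiveDirectory` block on `Microsoft.ServiceFabric/clusters` (`tenantId`, `clusterApplication`, `clientApplication`) and uses the `vmImage` property to decide whether a non-compliant cluster can be fixed in place or must be redeployed. The sample template, the resource names and the GUID values are constructed for the example; treating a missing `vmImage` as Windows is an assumption.

```python
import json

# Constructed sample ARM template fragment (not from the page): one cluster with
# Entra ID client authentication configured, one Linux cluster without it, and an
# unrelated resource that the check must ignore.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {
      "type": "Microsoft.ServiceFabric/clusters",
      "name": "sf-secure",
      "properties": {
        "vmImage": "Windows",
        "azureActiveDirectory": {
          "tenantId": "00000000-0000-0000-0000-000000000000",
          "clusterApplication": "11111111-1111-1111-1111-111111111111",
          "clientApplication": "22222222-2222-2222-2222-222222222222"
        }
      }
    },
    {
      "type": "Microsoft.ServiceFabric/clusters",
      "name": "sf-linux-legacy",
      "properties": { "vmImage": "Linux" }
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "name": "stlogs"
    }
  ]
}
""")

CLUSTER_TYPE = "microsoft.servicefabric/clusters"
# All three fields are needed for Entra ID client-to-node authentication.
REQUIRED_AAD_FIELDS = ("tenantId", "clusterApplication", "clientApplication")


def entra_auth_configured(resource: dict) -> bool:
    """True when the cluster carries a complete azureActiveDirectory block."""
    props = resource.get("properties") or {}
    aad = props.get("azureActiveDirectory") or {}
    return all(
        isinstance(aad.get(field), str) and aad[field].strip()
        for field in REQUIRED_AAD_FIELDS
    )


def remediation_for(resource: dict) -> str:
    """Linux clusters need Entra ID at creation time; Windows can be updated in place."""
    props = resource.get("properties") or {}
    # Assumption: a cluster without an explicit vmImage is treated as Windows.
    vm_image = str(props.get("vmImage", "Windows"))
    if vm_image.lower() == "linux":
        return "redeploy: Linux clusters must have Entra ID configured at cluster creation time"
    return "update in place: Windows clusters can enable Entra ID after initial deployment"


def evaluate(template: dict) -> list:
    """Return one finding per Service Fabric cluster in the template."""
    findings = []
    for resource in template.get("resources", []):
        if str(resource.get("type", "")).lower() != CLUSTER_TYPE:
            continue  # only Service Fabric clusters are in scope for this rule
        passed = entra_auth_configured(resource)
        findings.append({
            "name": resource.get("name"),
            "pass": passed,
            "remediation": None if passed else remediation_for(resource),
        })
    return findings


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_TEMPLATE):
        status = "PASS" if finding["pass"] else "FAIL"
        print(f"{status} {finding['name']}: {finding['remediation'] or 'Entra ID client authentication configured'}")
```

Run it against a template exported from a deployment pipeline to get a pass/fail line per cluster; the remediation text reflects the Linux versus Windows difference described in the notes below.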
## Notes
For Linux clusters, Entra ID authentication must be configured at cluster creation time. Windows clusters can be updated to support Entra ID authentication after initial deployment.
## Links
- SE:05 Identity and access management
- Security recommendations
- Set up Microsoft Entra ID for client authentication
- Configure Azure Active Directory Authentication for Existing Cluster
- Azure deployment reference