Skip to content

Commit 2b0d907

Browse files
committed
No "disable local auth" in standard tier
1 parent f1bb8d2 commit 2b0d907

File tree

1 file changed

+1
-56
lines changed

1 file changed

+1
-56
lines changed

articles/event-grid/authenticate-with-entra-id-namespaces.md

Lines changed: 1 addition & 56 deletions
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,7 @@ EventGridEvent egEvent = new EventGridEvent(
8585
await client.SendEventAsync(egEvent);
8686
```
8787

88-
### Prerequisites
88+
### SDKs
8989

9090
Following are the prerequisites to authenticate to Event Grid.
9191

@@ -124,61 +124,6 @@ For more information, see the following articles:
124124
- [Azure Event Grid client library for JavaScript](/javascript/api/overview/azure/eventgrid-readme)
125125
- [Azure Event Grid client library for Python](/python/api/overview/azure/eventgrid-readme)
126126

127-
## Disable key and shared access signature authentication
128-
129-
Microsoft Entra authentication provides a superior authentication support than that's offered by access key or Shared Access Signature (SAS) token authentication. With Microsoft Entra authentication, the identity is validated against Microsoft Entra identity provider. As a developer, you won't have to handle keys in your code if you use Microsoft Entra authentication. You'll also benefit from all security features built into the Microsoft Identity platform, such as [Conditional Access](/entra/identity/conditional-access/overview) that can help you improve your application's security stance.
130-
131-
Once you decide to use Microsoft Entra authentication, you can disable authentication based on access keys or SAS tokens.
132-
133-
> [!NOTE]
134-
> Acess keys or SAS token authentication is a form of **local authentication**. you'll hear sometimes referring to "local auth" when discussing this category of authentication mechanisms that don't rely on Microsoft Entra ID. The API parameter used to disable local authentication is called, appropriately so, ``disableLocalAuth``.
135-
136-
### Azure portal
137-
138-
When creating a new topic, you can disable local authentication on the **Advanced** tab of the **Create Topic** page.
139-
140-
:::image type="content" source="./media/authenticate-with-microsoft-entra-id/create-topic-disable-local-auth.png" alt-text="Screenshot showing the Advanced tab of Create Topic page when you can disable local authentication.":::
141-
142-
For an existing topic, following these steps to disable local authentication:
143-
144-
1. Navigate to the **Event Grid Topic** page for the topic, and select **Enabled** under **Local Authentication**
145-
146-
:::image type="content" source="./media/authenticate-with-microsoft-entra-id/existing-topic-local-auth.png" alt-text="Screenshot showing the Overview page of an existing topic.":::
147-
2. In the **Local Authentication** popup window, select **Disabled**, and select **OK**.
148-
149-
:::image type="content" source="./media/authenticate-with-microsoft-entra-id/local-auth-popup.png" alt-text="Screenshot showing the Local Authentication window.":::
150-
151-
152-
### Azure CLI
153-
The following CLI command shows the way to create a custom topic with local authentication disabled. The disable local auth feature is currently available as a preview and you need to use API version ``2021-06-01-preview``.
154-
155-
```cli
156-
az resource create --subscription <subscriptionId> --resource-group <resourceGroup> --resource-type Microsoft.EventGrid/topics --api-version 2021-06-01-preview --name <topicName> --location <location> --properties "{ \"disableLocalAuth\": true}"
157-
```
158-
159-
For your reference, the following are the resource type values that you can use according to the topic you're creating or updating.
160-
161-
| Topic type | Resource type |
162-
| ------------------| :------------------------------------|
163-
| Domains | Microsoft.EventGrid/domains |
164-
| Partner Namespace | Microsoft.EventGrid/partnerNamespaces|
165-
| Custom Topic | Microsoft.EventGrid/topics |
166-
167-
### Azure PowerShell
168-
169-
If you're using PowerShell, use the following cmdlets to create a custom topic with local authentication disabled.
170-
171-
```PowerShell
172-
173-
Set-AzContext -SubscriptionId <SubscriptionId>
174-
175-
New-AzResource -ResourceGroupName <ResourceGroupName> -ResourceType Microsoft.EventGrid/topics -ApiVersion 2021-06-01-preview -ResourceName <TopicName> -Location <Location> -Properties @{disableLocalAuth=$true}
176-
```
177-
178-
> [!NOTE]
179-
> - To learn about using the access key or shared access signature authentication, see [Authenticate publishing clients with keys or SAS tokens](security-authenticate-publishing-clients.md)
180-
> - This article deals with authentication when publishing events to Event Grid (event ingress). Authenticating Event Grid when delivering events (event egress) is the subject of article [Authenticate event delivery to event handlers](security-authentication.md).
181-
182127
## Resources
183128
- Data plane SDKs
184129
- Java SDK: [GitHub](https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/eventgrid/azure-messaging-eventgrid) | [samples](https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/eventgrid/azure-messaging-eventgrid/src/samples/java/com/azure/messaging/eventgrid) | [migration guide from previous SDK version](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/eventgrid/azure-messaging-eventgrid/migration-guide.md)

0 commit comments

Comments
 (0)