You create an Azure Resource Manager (ARM) template to deploy an Azure virtual machine (VM) running Windows Server 2019.
You need to allow other users to deploy this ARM template multiple times without exposing the administrator password.
What should you do?
You should create a parameter file referencing an Azure Key Vault secret. You can create an Azure Key Vault secret and integrate it with the ARM template by adding a reference for this secret in the parameter file. This securely stores the administrator password without exposing it to other users.
You should not create a user-assigned managed identity for the VMs. You can use a managed identity to authenticate your VMs with any service that supports Azure Active Directory (Azure AD) authentication without saving any credentials in your code. You cannot store the VM administrator password using a managed identity.
You should not create a parameter file referencing an Azure Key Vault key. You can use an Azure Key Vault key to store cryptographic keys. Azure Key Vault supports multiple types of keys and algorithms. However, you should use a secret to store a password in a Key Vault.