Services that support managed identities for Azure resources

Managed identities for Azure resources provide Azure services with an automatically managed identity in Azure Active Directory. Using a managed identity, you can authenticate to any service that supports Azure AD authentication without having credentials in your code. We are in the process of integrating managed identities for Azure resources and Azure AD authentication across Azure. Check back often for updates.

Note

Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI).

Azure services that support managed identities for Azure resources

The following Azure services support managed identities for Azure resources:

Azure API Management

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Preview Preview Not available Preview

Refer to the following list to configure managed identity for Azure API Management (in regions where available):

Azure App Configuration

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not Available Not Available
User assigned Available Available Not Available Not Available

Refer to the following list to configure managed identity for Azure App Configuration (in regions where available):

Azure App Service

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Available Available
User assigned Available Available Available Available

Refer to the following list to configure managed identity for Azure App Service (in regions where available):

Azure Arc enabled Kubernetes

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Preview Not available Not available Not available
User assigned Not available Not available Not available Not available

Azure Arc enabled Kubernetes currently supports system assigned identity. The managed service identity certificate is used by all Azure Arc enabled Kubernetes agents for communication with Azure.

Azure Automanage

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Preview Not available Not available Not available
User assigned Not available Not available Not available Not available

Refer to the following document to reconfigure a managed identity if you have moved your subscription to a new tenant:

Azure Blueprints

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Not available
User assigned Available Available Not available Not available

Refer to the following list to use a managed identity with Azure Blueprints:

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Not available Not available Not available Not available

Azure Cognitive Services

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Not available Not available Not available Not available

Azure Container Instances

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Linux: Preview
Windows: Not available
Not available Not available Not available
User assigned Linux: Preview
Windows: Not available
Not available Not available Not available

Refer to the following list to configure managed identity for Azure Container Instances (in regions where available):

Azure Container Registry Tasks

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Not available Not available Not available
User assigned Preview Not available Not available Not available

Refer to the following list to configure managed identity for Azure Container Registry Tasks (in regions where available):

Azure Data Explorer

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Not available Not available Not available Not available

Azure Data Factory V2

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Not available Not available Not available Not available

Refer to the following list to configure managed identity for Azure Data Factory V2 (in regions where available):

Azure Event Grid

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Preview Preview Not available Preview
User assigned Not available Not available Not available Not available

Azure Functions

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Available Available
User assigned Available Available Available Available

Refer to the following list to configure managed identity for Azure Functions (in regions where available):

Azure IoT Hub

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Not available Not available Not available Not available

Refer to the following list to configure managed identity for Azure Data Factory V2 (in regions where available):

Azure Import/Export

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available in the region where Azure Import Export service is available Preview Available Available
User assigned Not available Not available Not available Not available

Azure Kubernetes Service (AKS)

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Not available
User assigned Preview Not available Not available Not available

For more information, see Use managed identities in Azure Kubernetes Service.

Azure Logic Apps

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Available Available Not available Available

Refer to the following list to configure managed identity for Azure Logic Apps (in regions where available):

Azure Machine Learning

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Preview Not Available Not available Not available
User assigned Preview Not available Not available Not available

For more information, see Use managed identities with Azure Machine Learning.

Azure Policy

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Available Available
User assigned Not available Not available Not available Not available

Refer to the following list to configure managed identity for Azure Policy (in regions where available):

Azure Service Fabric

Managed Identity for Service Fabric Applications is available in all regions.

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Not Available Not Available not Available
User assigned Available Not Available Not Available Not Available

Refer to the following list to configure managed identity for Azure Service Fabric applications in all regions:

Azure Spring Cloud

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Not Available Not Available Not Available
User assigned Not Available Not Available Not Available Not Available

For more information, see How to enable system-assigned managed identity for Azure Spring Cloud application.

Azure Stack Edge

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available in the region where Azure Stack Edge service is available Not available Not available Not available
User assigned Not available Not available Not available Not available

Azure Virtual Machine Scale Sets

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Preview Preview
User assigned Available Available Preview Preview

Refer to the following list to configure managed identity for Azure Virtual Machine Scale Sets (in regions where available):

Azure Virtual Machines

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Preview Preview
User assigned Available Available Preview Preview

Refer to the following list to configure managed identity for Azure Virtual Machines (in regions where available):

Azure VM Image Builder

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Not Available Not Available Not Available Not Available
User assigned Available in supported regions Not Available Not Available Not Available

To learn how to configure managed identity for Azure VM Image Builder (in regions where available), see the Image Builder overview.

Azure SignalR Service

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Preview Preview Not available Preview
User assigned Preview Preview Not available Preview

Refer to the following list to configure managed identity for Azure SignalR Service (in regions where available):

Azure services that support Azure AD authentication

The following services support Azure AD authentication, and have been tested with client services that use managed identities for Azure resources.

Azure Resource Manager

Refer to the following list to configure access to Azure Resource Manager:

Cloud Resource ID Status
Azure Global https://management.azure.com/ Available
Azure Government https://management.usgovcloudapi.net/ Available
Azure Germany https://management.microsoftazure.de/ Available
Azure China 21Vianet https://management.chinacloudapi.cn Available

Azure Key Vault

Cloud Resource ID Status
Azure Global https://vault.azure.net Available
Azure Government https://vault.usgovcloudapi.net Available
Azure Germany https://vault.microsoftazure.de Available
Azure China 21Vianet https://vault.azure.cn Available

Azure Data Lake

Cloud Resource ID Status
Azure Global https://datalake.azure.net/ Available
Azure Government Not Available
Azure Germany Not Available
Azure China 21Vianet Not Available

Azure SQL

Cloud Resource ID Status
Azure Global https://database.windows.net/ Available
Azure Government https://database.usgovcloudapi.net/ Available
Azure Germany https://database.cloudapi.de/ Available
Azure China 21Vianet https://database.chinacloudapi.cn/ Available

Azure Event Hubs

Cloud Resource ID Status
Azure Global https://eventhubs.azure.net Available
Azure Government Not Available
Azure Germany Not Available
Azure China 21Vianet Not Available

Azure Service Bus

Cloud Resource ID Status
Azure Global https://servicebus.azure.net Available
Azure Government Available
Azure Germany Not Available
Azure China 21Vianet Not Available

Azure Storage blobs and queues

Cloud Resource ID Status
Azure Global https://storage.azure.com/

https://<account>.blob.core.windows.net

https://<account>.queue.core.windows.net
Available
Azure Government https://storage.azure.com/

https://<account>.blob.core.usgovcloudapi.net

https://<account>.queue.core.usgovcloudapi.net
Available
Azure Germany https://storage.azure.com/

https://<account>.blob.core.cloudapi.de

https://<account>.queue.core.cloudapi.de
Available
Azure China 21Vianet https://storage.azure.com/

https://<account>.blob.core.chinacloudapi.cn

https://<account>.queue.core.chinacloudapi.cn
Available

Azure Analysis Services

Cloud Resource ID Status
Azure Global https://*.asazure.windows.net Available
Azure Government https://*.asazure.usgovcloudapi.net Available
Azure Germany https://*.asazure.cloudapi.de Available
Azure China 21Vianet https://*.asazure.chinacloudapi.cn Available

Note

Microsoft Power BI also supports managed identities.