Services that support managed identities for Azure resources

Article
11/08/2021
10 minutes to read

Managed identities for Azure resources provide Azure services with an automatically managed identity in Azure Active Directory. Using a managed identity, you can authenticate to any service that supports Azure AD authentication without having credentials in your code. We are in the process of integrating managed identities for Azure resources and Azure AD authentication across Azure. Check back often for updates.

Note

Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI).

Azure services that support managed identities for Azure resources

The following Azure services support managed identities for Azure resources:

Azure API Management

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available
User assigned			Not available

Refer to the following list to configure managed identity for Azure API Management (in regions where available):

Azure Resource Manager template

Azure App Configuration

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not Available
User assigned			Not Available

Refer to the following list to configure managed identity for Azure App Configuration (in regions where available):

Azure CLI

Azure App Service

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned
User assigned

Refer to the following list to configure managed identity for Azure App Service (in regions where available):

Azure Arc-enabled Kubernetes

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned	Preview	Not available	Not available	Not available
User assigned	Not available	Not available	Not available	Not available

Azure Arc-enabled Kubernetes currently supports system assigned identity. The managed service identity certificate is used by all Azure Arc-enabled Kubernetes agents for communication with Azure.

Azure Arc-enabled servers

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available	Not available
User assigned	Not available	Not available	Not available	Not available

All Azure Arc-enabled servers have a system assigned identity. You cannot disable or change the system assigned identity on an Azure Arc-enabled server. Refer to the following resources to learn more about how to consume managed identities on Azure Arc-enabled servers:

Azure Automanage

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned	Preview	Not available	Not available	Not available
User assigned	Not available	Not available	Not available	Not available

Refer to the following document to reconfigure a managed identity if you have moved your subscription to a new tenant:

Repair a broken Automanage Account

Azure Automation

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available
User assigned			Not available

Refer to the following documents to use managed identity with Azure Automation:

Azure Blueprints

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available	Not available
User assigned			Not available	Not available

Refer to the following list to use a managed identity with Azure Blueprints:

Azure Cognitive Search

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available
User assigned	Not available	Not available	Not available	Not available

Azure Cognitive Services

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available
User assigned	Not available	Not available	Not available	Not available

Azure Container Instances

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned	Linux: Preview Windows: Not available	Not available	Not available	Not available
User assigned	Linux: Preview Windows: Not available	Not available	Not available	Not available

Refer to the following list to configure managed identity for Azure Container Instances (in regions where available):

Azure Container Registry Tasks

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned		Preview	Not available	Preview
User assigned	Preview	Preview	Not available	Preview

Refer to the following list to configure managed identity for Azure Container Registry Tasks (in regions where available):

Azure CLI

Azure Data Explorer

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available
User assigned	Not available	Not available	Not available	Not available

Azure Data Factory V2

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available
User assigned	Not available	Not available	Not available	Not available

Refer to the following list to configure managed identity for Azure Data Factory V2 (in regions where available):

Azure portal

Azure Digital Twins

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned		Not available	Not available	Not available
User assigned	Not available	Not available	Not available	Not available

Refer to the following list to configure managed identity for Azure Digital Twins (in regions where available):

Azure portal

Azure Event Grid

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned	Preview	Preview	Not available	Preview
User assigned	Preview	Preview	Not available	Preview

Azure Firewall Policy

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned	Not available	Not available	Not available	Not available
User assigned	Preview	Not available	Not available	Not available

Azure Functions

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned
User assigned

Refer to the following list to configure managed identity for Azure Functions (in regions where available):

Azure IoT Hub

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available
User assigned		Not available	Not available	Not available

Refer to the following list to configure managed identity for Azure IoT Hub (in regions where available):

For more information, please see Azure IoT Hub support for managed identities.

Azure Import/Export

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned	Available in the region where Azure Import Export service is available	Preview	Available	Available
User assigned	Not available	Not available	Not available	Not available

Azure Kubernetes Service (AKS)

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available	Not available
User assigned	Preview		Not available	Not available

For more information, see Use managed identities in Azure Kubernetes Service.

Azure Log Analytics cluster

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available
User assigned			Not available

For more information, see how identity works in Azure Monitor

Azure Logic Apps

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not available
User assigned			Not available

Refer to the following list to configure managed identity for Azure Logic Apps (in regions where available):

Azure Machine Learning

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned	Preview	Not Available	Not available	Not available
User assigned	Preview	Not available	Not available	Not available

For more information, see Use managed identities with Azure Machine Learning.

Azure Media Services

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned			Not Available
User assigned	Not Available	Not Available	Not Available	Not Available

Refer to the following list to configure managed identity for Azure Media Services (in regions where available):

Azure CLI

Azure Policy

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned
User assigned	Not available	Not available	Not available	Not available

Refer to the following list to configure managed identity for Azure Policy (in regions where available):

Azure Service Fabric

Managed Identity for Service Fabric Applications is available in all regions.

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned		Not Available	Not Available	not Available
User assigned		Not Available	Not Available	Not Available

Refer to the following list to configure managed identity for Azure Service Fabric applications in all regions:

Azure Resource Manager template

Azure Spring Cloud

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned		Not Available	Not Available
User assigned	Not Available	Not Available	Not Available	Not Available

For more information, see How to enable system-assigned managed identity for applications in Azure Spring Cloud.

Azure Stack Edge

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned	Available in the region where Azure Stack Edge service is available	Not available	Not available	Not available
User assigned	Not available	Not available	Not available	Not available

Azure Virtual Machine Scale Sets

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned
User assigned

Refer to the following list to configure managed identity for Azure Virtual Machine Scale Sets (in regions where available):

Azure Virtual Machines

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned
User assigned

Refer to the following list to configure managed identity for Azure Virtual Machines (in regions where available):

Azure VM Image Builder

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned	Not Available	Not Available	Not Available	Not Available
User assigned	Available in supported regions	Not Available	Not Available	Not Available

To learn how to configure managed identity for Azure VM Image Builder (in regions where available), see the Image Builder overview.

Azure SignalR Service

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned	Preview	Preview	Not available	Preview
User assigned	Preview	Preview	Not available	Preview

Refer to the following list to configure managed identity for Azure SignalR Service (in regions where available):

Azure Resource Manager template

Azure Resource Mover

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned	Available in the regions where Azure Resource Mover service is available	Not available	Not available	Not available
User assigned	Not available	Not available	Not available	Not available

Refer to the following document to use Azure Resource Mover:

Azure Resource Mover

Azure services that support Azure AD authentication

The following services support Azure AD authentication, and have been tested with client services that use managed identities for Azure resources.

Azure Resource Manager

Refer to the following list to configure access to Azure Resource Manager:

Cloud	Resource ID	Status
Azure Global	`https://management.azure.com/`
Azure Government	`https://management.usgovcloudapi.net/`
Azure Germany	`https://management.microsoftazure.de/`
Azure China 21Vianet	`https://management.chinacloudapi.cn`

Azure Key Vault

Cloud	Resource ID	Status
Azure Global	`https://vault.azure.net`
Azure Government	`https://vault.usgovcloudapi.net`
Azure Germany	`https://vault.microsoftazure.de`
Azure China 21Vianet	`https://vault.azure.cn`

Azure Data Lake

Cloud	Resource ID	Status
Azure Global	`https://datalake.azure.net/`
Azure Government		Not Available
Azure Germany		Not Available
Azure China 21Vianet		Not Available

Azure Cosmos DB

Cloud	Resource ID	Status
Azure Global	`https://<account>.documents.azure.com/` `https://cosmos.azure.com`
Azure Government	`https://<account>.documents.azure.us/` `https://cosmos.azure.us`
Azure Germany	`https://<account>.documents.microsoftazure.de/` `https://cosmos.microsoftazure.de`
Azure China 21Vianet	`https://<account>.documents.azure.cn/` `https://cosmos.azure.cn`

Azure SQL

Cloud	Resource ID	Status
Azure Global	`https://database.windows.net/`
Azure Government	`https://database.usgovcloudapi.net/`
Azure Germany	`https://database.cloudapi.de/`
Azure China 21Vianet	`https://database.chinacloudapi.cn/`

Azure Data Explorer

Cloud	Resource ID	Status
Azure Global	`https://<account>.<region>.kusto.windows.net`
Azure Government	`https://<account>.<region>.kusto.usgovcloudapi.net`
Azure Germany	`https://<account>.<region>.kusto.cloudapi.de`
Azure China 21Vianet	`https://<account>.<region>.kusto.chinacloudapi.cn`

Azure Event Hubs

Cloud	Resource ID	Status
Azure Global	`https://eventhubs.azure.net`
Azure Government	`https://eventhubs.azure.net`
Azure Germany	`https://eventhubs.azure.net`
Azure China 21Vianet	`https://eventhubs.azure.net`

Azure Service Bus

Cloud	Resource ID	Status
Azure Global	`https://servicebus.azure.net`
Azure Government	`https://servicebus.azure.net`
Azure Germany	`https://servicebus.azure.net`
Azure China 21Vianet	`https://servicebus.azure.net`

Azure Storage blobs and queues

Cloud	Resource ID	Status
Azure Global	`https://storage.azure.com/` `https://<account>.blob.core.windows.net` `https://<account>.queue.core.windows.net`
Azure Government	`https://storage.azure.com/` `https://<account>.blob.core.usgovcloudapi.net` `https://<account>.queue.core.usgovcloudapi.net`
Azure Germany	`https://storage.azure.com/` `https://<account>.blob.core.cloudapi.de` `https://<account>.queue.core.cloudapi.de`
Azure China 21Vianet	`https://storage.azure.com/` `https://<account>.blob.core.chinacloudapi.cn` `https://<account>.queue.core.chinacloudapi.cn`

Azure Analysis Services

Cloud	Resource ID	Status
Azure Global	`https://*.asazure.windows.net`
Azure Government	`https://*.asazure.usgovcloudapi.net`
Azure Germany	`https://*.asazure.cloudapi.de`
Azure China 21Vianet	`https://*.asazure.chinacloudapi.cn`

Azure Communication Services

Managed identity type	All Generally Available Global Azure Regions	Azure Government	Azure Germany	Azure China 21Vianet
System assigned		Not available	Not available	Not available
User assigned		Not available	Not available	Not available

Note

You can use Managed Identities to authenticate an Azure Stream analytics job to Power BI.

Services that support managed identities for Azure resources

Please rate your experience

Azure services that support managed identities for Azure resources

Azure API Management

Azure App Configuration

Azure App Service

Azure Arc-enabled Kubernetes

Azure Arc-enabled servers

Azure Automanage

Azure Automation

Azure Blueprints

Azure Cognitive Search

Azure Cognitive Services

Azure Container Instances

Azure Container Registry Tasks

Azure Data Explorer

Azure Data Factory V2

Azure Digital Twins

Azure Event Grid

Azure Firewall Policy

Azure Functions

Azure IoT Hub

Azure Import/Export

Azure Kubernetes Service (AKS)

Azure Log Analytics cluster

Azure Logic Apps

Azure Machine Learning

Azure Media Services

Azure Policy

Azure Service Fabric

Azure Spring Cloud

Azure Stack Edge

Azure Virtual Machine Scale Sets

Azure Virtual Machines

Azure VM Image Builder

Azure SignalR Service

Azure Resource Mover

Azure services that support Azure AD authentication

Azure Resource Manager

Azure Key Vault

Azure Data Lake

Azure Cosmos DB

Azure SQL

Azure Data Explorer

Azure Event Hubs

Azure Service Bus

Azure Storage blobs and queues

Azure Analysis Services

Azure Communication Services

Feedback