Services that support managed identities for Azure resources

Managed identities for Azure resources provide Azure services with an automatically managed identity in Azure Active Directory. Using a managed identity, you can authenticate to any service that supports Azure AD authentication without having credentials in your code. We are in the process of integrating managed identities for Azure resources and Azure AD authentication across Azure. Check back often for updates.

Note

Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI).

Azure services that support managed identities for Azure resources

The following Azure services support managed identities for Azure resources:

Azure API Management

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Preview Preview Not available Preview

Refer to the following list to configure managed identity for Azure API Management (in regions where available):

Azure App Configuration

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not Available Available
User assigned Available Available Not Available Available

Refer to the following list to configure managed identity for Azure App Configuration (in regions where available):

Azure App Service

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Available Available
User assigned Available Available Available Available

Refer to the following list to configure managed identity for Azure App Service (in regions where available):

Azure Arc enabled Kubernetes

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Preview Not available Not available Not available
User assigned Not available Not available Not available Not available

Azure Arc enabled Kubernetes currently supports system assigned identity. The managed service identity certificate is used by all Azure Arc enabled Kubernetes agents for communication with Azure.

Azure Arc enabled servers

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Not available
User assigned Not available Not available Not available Not available

All Azure Arc enabled servers have a system assigned identity. You cannot disable or change the system assigned identity on an Azure Arc enabled server. Refer to the following resources to learn more about how to consume managed identities on Azure Arc enabled servers:

Azure Automanage

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Preview Not available Not available Not available
User assigned Not available Not available Not available Not available

Refer to the following document to reconfigure a managed identity if you have moved your subscription to a new tenant:

Azure Automation

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Not available
User assigned Not available Not available Not available Not available

Refer to the following documents to use managed identity with Azure Automation:

Azure Blueprints

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Not available
User assigned Available Available Not available Not available

Refer to the following list to use a managed identity with Azure Blueprints:

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Not available Not available Not available Not available

Azure Cognitive Services

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Not available Not available Not available Not available

Azure Communication Services

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Not available Not available Not available
User assigned Available Not available Not available Not available

Azure Container Instances

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Linux: Preview
Windows: Not available
Not available Not available Not available
User assigned Linux: Preview
Windows: Not available
Not available Not available Not available

Refer to the following list to configure managed identity for Azure Container Instances (in regions where available):

Azure Container Registry Tasks

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Not available Not available Not available
User assigned Preview Not available Not available Not available

Refer to the following list to configure managed identity for Azure Container Registry Tasks (in regions where available):

Azure Data Explorer

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Not available Not available Not available Not available

Azure Data Factory V2

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Not available Not available Not available Not available

Refer to the following list to configure managed identity for Azure Data Factory V2 (in regions where available):

Azure Digital Twins

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Not available Not available Not available
User assigned Not available Not available Not available Not available

Refer to the following list to configure managed identity for Azure Digital Twins (in regions where available):

Azure Event Grid

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Preview Preview Not available Preview
User assigned Not available Not available Not available Not available

Azure Firewall Policy

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Not available Not available Not available Not available
User assigned Preview Not available Not available Not available

Azure Functions

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Available Available
User assigned Available Available Available Available

Refer to the following list to configure managed identity for Azure Functions (in regions where available):

Azure IoT Hub

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Not available Not available Not available Not available

Refer to the following list to configure managed identity for Azure IoT Hub (in regions where available):

Azure Import/Export

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available in the region where Azure Import Export service is available Preview Available Available
User assigned Not available Not available Not available Not available

Azure Kubernetes Service (AKS)

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Not available
User assigned Preview Available Not available Not available

For more information, see Use managed identities in Azure Kubernetes Service.

Azure Log Analytics cluster

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Available Available Not available Available

For more information, see how identity works in Azure Monitor

Azure Logic Apps

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Not available Available
User assigned Available Available Not available Available

Refer to the following list to configure managed identity for Azure Logic Apps (in regions where available):

Azure Machine Learning

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Preview Not Available Not available Not available
User assigned Preview Not available Not available Not available

For more information, see Use managed identities with Azure Machine Learning.

Azure Policy

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Available Available
User assigned Not available Not available Not available Not available

Refer to the following list to configure managed identity for Azure Policy (in regions where available):

Azure Service Fabric

Managed Identity for Service Fabric Applications is available in all regions.

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Not Available Not Available not Available
User assigned Available Not Available Not Available Not Available

Refer to the following list to configure managed identity for Azure Service Fabric applications in all regions:

Azure Spring Cloud

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Not Available Not Available Available
User assigned Not Available Not Available Not Available Not Available

For more information, see How to enable system-assigned managed identity for Azure Spring Cloud application.

Azure Stack Edge

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available in the region where Azure Stack Edge service is available Not available Not available Not available
User assigned Not available Not available Not available Not available

Azure Virtual Machine Scale Sets

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Available Available
User assigned Available Available Available Available

Refer to the following list to configure managed identity for Azure Virtual Machine Scale Sets (in regions where available):

Azure Virtual Machines

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available Available Available Available
User assigned Available Available Available Available

Refer to the following list to configure managed identity for Azure Virtual Machines (in regions where available):

Azure VM Image Builder

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Not Available Not Available Not Available Not Available
User assigned Available in supported regions Not Available Not Available Not Available

To learn how to configure managed identity for Azure VM Image Builder (in regions where available), see the Image Builder overview.

Azure SignalR Service

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Preview Preview Not available Preview
User assigned Preview Preview Not available Preview

Refer to the following list to configure managed identity for Azure SignalR Service (in regions where available):

Azure Resource Mover

Managed identity type All Generally Available
Global Azure Regions
Azure Government Azure Germany Azure China 21Vianet
System assigned Available in the regions where Azure Resource Mover service is available Not available Not available Not available
User assigned Not available Not available Not available Not available

Refer to the following document to use Azure Resource Mover:

Azure services that support Azure AD authentication

The following services support Azure AD authentication, and have been tested with client services that use managed identities for Azure resources.

Azure Resource Manager

Refer to the following list to configure access to Azure Resource Manager:

Cloud Resource ID Status
Azure Global https://management.azure.com/ Available
Azure Government https://management.usgovcloudapi.net/ Available
Azure Germany https://management.microsoftazure.de/ Available
Azure China 21Vianet https://management.chinacloudapi.cn Available

Azure Key Vault

Cloud Resource ID Status
Azure Global https://vault.azure.net Available
Azure Government https://vault.usgovcloudapi.net Available
Azure Germany https://vault.microsoftazure.de Available
Azure China 21Vianet https://vault.azure.cn Available

Azure Data Lake

Cloud Resource ID Status
Azure Global https://datalake.azure.net/ Available
Azure Government Not Available
Azure Germany Not Available
Azure China 21Vianet Not Available

Azure SQL

Cloud Resource ID Status
Azure Global https://database.windows.net/ Available
Azure Government https://database.usgovcloudapi.net/ Available
Azure Germany https://database.cloudapi.de/ Available
Azure China 21Vianet https://database.chinacloudapi.cn/ Available

Azure Data Explorer

Cloud Resource ID Status
Azure Global https://<account>.<region>.kusto.windows.net Available
Azure Government https://<account>.<region>.kusto.usgovcloudapi.net Available
Azure Germany https://<account>.<region>.kusto.cloudapi.de Available
Azure China 21Vianet https://<account>.<region>.kusto.chinacloudapi.cn Available

Azure Event Hubs

Cloud Resource ID Status
Azure Global https://eventhubs.azure.net Available
Azure Government Not Available
Azure Germany Not Available
Azure China 21Vianet Not Available

Azure Service Bus

Cloud Resource ID Status
Azure Global https://servicebus.azure.net Available
Azure Government Available
Azure Germany Not Available
Azure China 21Vianet Not Available

Azure Storage blobs and queues

Cloud Resource ID Status
Azure Global https://storage.azure.com/

https://<account>.blob.core.windows.net

https://<account>.queue.core.windows.net
Available
Azure Government https://storage.azure.com/

https://<account>.blob.core.usgovcloudapi.net

https://<account>.queue.core.usgovcloudapi.net
Available
Azure Germany https://storage.azure.com/

https://<account>.blob.core.cloudapi.de

https://<account>.queue.core.cloudapi.de
Available
Azure China 21Vianet https://storage.azure.com/

https://<account>.blob.core.chinacloudapi.cn

https://<account>.queue.core.chinacloudapi.cn
Available

Azure Analysis Services

Cloud Resource ID Status
Azure Global https://*.asazure.windows.net Available
Azure Government https://*.asazure.usgovcloudapi.net Available
Azure Germany https://*.asazure.cloudapi.de Available
Azure China 21Vianet https://*.asazure.chinacloudapi.cn Available

Note

Microsoft Power BI also supports managed identities.