Assign a managed identity access to a resource by using the Azure portal

Managed identities for Azure resources is a feature of Azure Active Directory. Each of the Azure services that support managed identities for Azure resources are subject to their own timeline. Make sure you review the availability status of managed identities for your resource and known issues before you begin.

After you've configured an Azure resource with a managed identity, you can give the managed identity access to another resource, just like any security principal. This article shows you how to give an Azure virtual machine or virtual machine scale set's managed identity access to an Azure storage account, by using the Azure portal.

Prerequisites

Use RBAC to assign a managed identity access to another resource

After you've enabled managed identity on an Azure resource, such as an Azure VM or Azure VMSS:

  1. Sign in to the Azure portal using an account associated with the Azure subscription under which you have configured the managed identity.

  2. Navigate to the desired resource on which you want to modify access control. In this example, we are giving an Azure virtual machine access to a storage account, so we navigate to the storage account.

  3. Select the Access control (IAM) page of the resource, and select + Add role assignment. Then specify the Role, Assign access to, and specify the corresponding Subscription. Under the search criteria area, you should see the resource. Select the resource, and select Save.

    Access control (IAM) screenshot

Next steps