Configure managed identities for Azure resources on a VM using the Azure portal

Managed identities for Azure resources is a feature of Azure Active Directory. Each of the Azure services that support managed identities for Azure resources is subject to its own timeline. Make sure you review the availability status of managed identities for your resource and known issues before you begin.

Managed identities for Azure resources provides Azure services with an automatically managed identity in Azure Active Directory. You can use this identity to authenticate to any service that supports Azure AD authentication, without having credentials in your code.

In this article, you learn how to enable and disable system and user-assigned managed identities for an Azure Virtual Machine (VM), using the Azure portal.

Prerequisites

  • If you're unfamiliar with managed identities for Azure resources, check out the overview section.
  • If you don't already have an Azure account, sign up for a free account before continuing.
  • To perform the management operations in this article, your account needs the following Azure role-based access control assignments:

    Note

    No additional Azure AD directory role assignments are required.

System-assigned managed identity

In this section, you learn how to enable and disable the system-assigned managed identity for a VM using the Azure portal.

Enable system-assigned managed identity during creation of a VM

Currently, the Azure portal does not support enabling system-assigned identity during the creation of a VM. Instead, refer to one of the following VM creation Quickstart articles to first create a VM, and then proceed to the next section for details on enabling system-assigned identity on the VM:

Enable system-assigned managed identity on an existing VM

To enable the system-assigned managed identity on a VM that was originally provisioned without it:

  1. Sign in to the Azure portal using an account associated with the Azure subscription that contains the VM.

  2. Navigate to the desired Virtual Machine and select Identity.

  3. Under System assigned, Status, select On and then click Save.

Remove system-assigned managed identity from a VM

If you have a Virtual Machine that no longer needs system-assigned managed identity:

  1. Sign in to the Azure portal using an account associated with the Azure subscription that contains the VM.

  2. Navigate to the desired Virtual Machine and select Identity.

  3. Under System assigned, Status, select Off and then click Save.

User-assigned managed identity

In this section, you learn how to add and remove a user-assigned managed identity from a VM using the Azure portal.

Assign a user-assigned identity during the creation of a VM

Currently, the Azure portal does not support assigning a user-assigned managed identity during the creation of a VM. Instead, refer to one of the following VM creation Quickstart articles to first create a VM, and then proceed to the next section for details on assigning a user-assigned managed identity to the VM:

Assign a user-assigned managed identity to an existing VM

  1. Sign in to the Azure portal using an account associated with the Azure subscription that contains the VM.
  2. Navigate to the desired VM and click Identity, User assigned and then +Add.

  3. Click the user-assigned identity you want to add to the VM and then click Add.

Remove a user-assigned managed identity from a VM

  1. Sign in to the Azure portal using an account associated with the Azure subscription that contains the VM.
  2. Navigate to the desired VM and click Identity, User assigned, the name of the user-assigned managed identity you want to delete and then click Remove (click Yes in the confirmation pane).
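
After enabling, assigning or removing identities with the steps above, you can check that each VM carries only the identities it should. The following is an added example, not part of the original article: it reads the `identity` property of VM resources in the shape Azure Resource Manager returns it (for example in the JSON output of `az vm list`) and compares it with an expected state. The VM names, resource IDs and the `EXPECTED` allow-list are constructed for illustration.

```python
import json

# Constructed sample of VM resources with the "identity" property in the shape
# Azure Resource Manager returns it. Every name and ID here is made up.
UAI = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
       "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/")
SAMPLE_VMS = json.dumps([
    {"name": "vm-web", "identity": {"type": "SystemAssigned"}},
    {"name": "vm-batch", "identity": {
        "type": "SystemAssigned, UserAssigned",
        "userAssignedIdentities": {UAI + "id-batch": {}, UAI + "id-old": {}}}},
    {"name": "vm-legacy", "identity": None},             # never had an identity
    {"name": "vm-build", "identity": {"type": "None"}},  # identity switched off
])
# Hypothetical allow-list: the identities each VM is supposed to have.
EXPECTED = {
    "vm-web": {"system": True, "user": set()},
    "vm-batch": {"system": False, "user": {(UAI + "id-batch").lower()}},
}


def attached_identities(vm):
    """Return (system_assigned_on, set of user-assigned resource IDs) for a VM."""
    identity = vm.get("identity") or {}
    kinds = {k.strip().lower() for k in (identity.get("type") or "None").split(",")}
    user = set()
    if "userassigned" in kinds:
        # Keys are full resource IDs, which Azure treats case-insensitively.
        user = {rid.lower() for rid in identity.get("userAssignedIdentities") or {}}
    return "systemassigned" in kinds, user


def audit(vms, expected):
    """List (vm, message) pairs where attached identities differ from expected."""
    findings = []
    for vm in vms:
        system, user = attached_identities(vm)
        want = expected.get(vm["name"], {"system": False, "user": set()})
        if system != want["system"]:
            findings.append((vm["name"], "system-assigned is %s, expected %s" % (
                "On" if system else "Off", "On" if want["system"] else "Off")))
        findings += [(vm["name"], "unexpected user-assigned identity " + rid)
                     for rid in sorted(user - want["user"])]
        findings += [(vm["name"], "missing user-assigned identity " + rid)
                     for rid in sorted(want["user"] - user)]
    return findings


if __name__ == "__main__":
    for name, message in audit(json.loads(SAMPLE_VMS), EXPECTED):
        print(name + ": " + message)
```

VMs that are absent from the allow-list are treated as expected to have no identity at all, so a newly attached identity shows up as a finding until it is recorded.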
