Configure a VM Managed Service Identity (MSI) using the Azure portal

Managed Service Identity (MSI) is a preview feature of Azure Active Directory. Make sure you review the known issues before you begin. For more information about previews, see Supplemental Terms of Use for Microsoft Azure Previews.

Managed Service Identity provides Azure services with an automatically managed identity in Azure Active Directory. You can use this identity to authenticate to any service that supports Azure AD authentication, without having credentials in your code.

In this article, you will learn how to enable and remove MSI for an Azure VM, using the Azure portal.

Prerequisites

If you're unfamiliar with MSI, check out the Managed Service Identity overview.

If you don't already have an Azure account, sign up for a free account before continuing.

Enable MSI during creation of an Azure VM

As of the time of this writing, enabling MSI during creation of a VM in the Azure portal is not supported. Instead, please refer to one of the following VM creation Quickstart articles to first create a VM:

Then proceed to the next section for details on enabling MSI on the VM.

Enable MSI on an existing Azure VM

If you have a VM that was originally provisioned without an MSI:

  1. Sign in to the Azure portal using an account associated with the Azure subscription that contains the VM. Also make sure your account belongs to a role that gives you write permissions on the VM, such as “Virtual Machine Contributor”.

  2. Navigate to the desired Virtual Machine.

  3. Click the "Configuration" page, enable MSI on the VM by selecting "Yes" under "Managed service identity", then click Save. This operation can take 60 seconds or more to complete:

    Configuration page screenshot

Remove MSI from an Azure VM

If you have a Virtual Machine that no longer needs an MSI:

  1. Sign in to the Azure portal using an account associated with the Azure subscription that contains the VM. Also make sure your account belongs to a role that gives you write permissions on the VM, such as “Virtual Machine Contributor”.

  2. Navigate to the desired Virtual Machine.

  3. Click the "Configuration" page, remove MSI from the VM by selecting "No" under "Managed service identity", then click Save. This operation can take 60 seconds or more to complete:

    Configuration page screenshot

Next steps

Use the following comments section to provide feedback and help us refine and shape our content.