Known issues with Managed Identities

This article describes two known issues with managed identities for Azure resources and how to work around them. Common questions about managed identities are answered in our frequently asked questions article.

VM fails to start after being moved

If you move a running VM to another resource group or subscription, it keeps running during the move. After the move, however, if the VM is stopped and then restarted, it fails to start. The cause is that the VM does not update its reference to its managed identities for Azure resources identity: it continues to point at the identity under the VM's old resource group (or subscription), which no longer matches where the VM now lives.


To fix this, trigger an update on the VM so that it refreshes its managed identity reference. Any VM property change will do; for example, set a new tag on the VM with the following command:

az vm update -n <VM Name> -g <Resource Group> --set tags.fixVM=1

This command sets a new tag "fixVM" with a value of 1 on the VM.

Setting this property makes the VM refresh its managed identities for Azure resources resource URI to the correct value, after which the VM should start normally.

Once the VM has started, the tag can be removed by using the following command:

az vm update -n <VM Name> -g <Resource Group> --remove tags.fixVM
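The fix above, scripted so it can be repeated on many VMs and followed by a check that an identity is actually attached afterwards. This is an added example, not code from the original article; it assumes the Azure CLI (az) is installed and logged in, and the VM name, resource group, tag name and the IMDS check are the article's procedure plus the author's own verification step.

```shell
#!/bin/sh
# Added example (not from the original article): the tag-based fix as a
# repeatable script with a verification step. Assumes "az" is installed and
# logged in; VM_NAME and RESOURCE_GROUP are supplied by the caller.
set -eu

# Step 1 of the procedure: any property change forces the VM to refresh its
# managed-identity reference; a throwaway tag is the cheapest such change.
set_fix_tag() {
    az vm update -n "$1" -g "$2" --set tags.fixVM=1 --output none
}

# Step 2: with the reference refreshed, the VM can start again.
start_vm() {
    az vm start -n "$1" -g "$2" --output none
}

# Step 3: the tag carried no meaning of its own, so remove it once the VM is up.
remove_fix_tag() {
    az vm update -n "$1" -g "$2" --remove tags.fixVM --output none
}

# Check from the control plane: the VM should still carry an identity block
# with a principalId. Prints the principalId (empty if none is attached).
identity_principal_id() {
    az vm show -n "$1" -g "$2" --query identity.principalId -o tsv
}

# Runs the three steps in order and prints the principalId on success.
# Returns non-zero if no managed identity is attached afterwards.
fix_vm_identity_reference() {
    vm="$1"; rg="$2"
    set_fix_tag "$vm" "$rg"
    start_vm "$vm" "$rg"
    remove_fix_tag "$vm" "$rg"
    pid="$(identity_principal_id "$vm" "$rg")"
    [ -n "$pid" ] || { echo "no managed identity found on $vm" >&2; return 1; }
    echo "$pid"
}

# Check from inside the VM (author's addition): the identity is only usable if
# the instance metadata service hands out a token for it. Run on the VM itself,
# not from the admin workstation.
imds_token_check() {
    curl -s -H Metadata:true \
      "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F" \
      | grep -q '"access_token"'
}

# Only act when the caller names a VM; sourcing the file for its functions does nothing.
if [ -n "${VM_NAME:-}" ] && [ -n "${RESOURCE_GROUP:-}" ]; then
    fix_vm_identity_reference "$VM_NAME" "$RESOURCE_GROUP"
fi
```

Run it as `VM_NAME=myvm RESOURCE_GROUP=myrg sh fix-vm-identity.sh`; the printed principalId should match the one shown in the portal for the VM, and a subsequent `imds_token_check` on the VM confirms the identity can still obtain tokens. Because the principalId does not change in this scenario, existing role assignments keep working.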

Transferring a subscription between Azure AD directories

Managed identities are not updated when a subscription is moved (transferred) to another directory. As a result, every existing system-assigned or user-assigned managed identity in that subscription is broken: the identities' service principals exist in the original directory, and resources in the transferred subscription can no longer use them.

Workaround for managed identities in a subscription that has been moved to another directory:

  • For system-assigned managed identities: disable and re-enable the identity on the resource.
  • For user-assigned managed identities: delete, re-create, and attach them again to the resources that need them (for example, virtual machines).

In both cases the identity gets a new service principal, and therefore a new principal ID, in the new directory. Any role assignments or other access that were granted to the old identity do not carry over and must be granted again to the new one.
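The two workarounds above, scripted with the Azure CLI. This is an added example, not code from the original article: it assumes az is installed and logged in to the new directory, that the VM, resource group and identity names are supplied by the caller, and the final role re-grant step is the author's addition, needed because the re-created identity has a new principal ID (the role name and scope there are placeholders).

```shell
#!/bin/sh
# Added example (not from the original article): the two workarounds for
# identities broken by a subscription transfer. Assumes "az" is installed and
# logged in to the NEW directory; all names are caller-supplied placeholders.
set -eu

# System-assigned: disable, then re-enable. The resource gets a fresh service
# principal in the new directory, so the principalId changes.
# Prints "<old principalId><TAB><new principalId>".
recycle_system_assigned() {
    vm="$1"; rg="$2"
    old="$(az vm show -n "$vm" -g "$rg" --query identity.principalId -o tsv)"
    az vm identity remove -n "$vm" -g "$rg" --output none      # default target: [system]
    az vm identity assign -n "$vm" -g "$rg" --output none      # default target: [system]
    new="$(az vm show -n "$vm" -g "$rg" --query identity.principalId -o tsv)"
    printf '%s\t%s\n' "$old" "$new"
}

# User-assigned: delete, re-create under the same name, attach to the VM again.
# Prints the new identity's principalId.
recreate_user_assigned() {
    name="$1"; rg="$2"; vm="$3"
    az identity delete -n "$name" -g "$rg"
    az identity create -n "$name" -g "$rg" --output none
    id="$(az identity show -n "$name" -g "$rg" --query id -o tsv)"
    az vm identity assign -n "$vm" -g "$rg" --identities "$id" --output none
    az identity show -n "$name" -g "$rg" --query principalId -o tsv
}

# Author's addition: access granted to the old principal does not follow the
# new one, so every role the identity relied on must be granted again.
regrant_role() {
    az role assignment create --assignee-object-id "$1" \
        --assignee-principal-type ServicePrincipal \
        --role "$2" --scope "$3" --output none
}

# Only act when the caller names a VM; sourcing the file for its functions does nothing.
if [ -n "${VM_NAME:-}" ] && [ -n "${RESOURCE_GROUP:-}" ]; then
    recycle_system_assigned "$VM_NAME" "$RESOURCE_GROUP"
    if [ -n "${UAI_NAME:-}" ]; then
        pid="$(recreate_user_assigned "$UAI_NAME" "$RESOURCE_GROUP" "$VM_NAME")"
        # Placeholder role and scope: substitute what the identity actually needs.
        regrant_role "$pid" "Reader" "/subscriptions/${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
    fi
fi
```

Keep the old/new principal ID pair that `recycle_system_assigned` prints: it is what you grep for in Key Vault access policies, storage ACLs and role assignments to find every place the old identity was referenced.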

For more information, see Transfer an Azure subscription to a different Azure AD directory.

