

Can you provide examples of scenarios where system-assigned managed identities are preferred


A system-assigned managed identity is enabled directly on an Azure resource, and Azure creates one service principal for that resource whose lifetime is tied to it. System-assigned identities are therefore preferred when each resource should have its own distinct identity and permissions, and that identity should disappear when the resource is deleted. Here are some examples:

1. Audit Logging and Compliance: If you need to log which specific resource carried out an action, system-assigned identities are the better fit. Each resource has its own principal, so the object ID recorded in the Activity Log or the Entra sign-in logs maps to exactly one resource. With a user-assigned identity shared by several resources, the same object ID appears for all of them and the log alone cannot tell you which one acted[5].

2. Permissions Lifecycle Management: In cases where a resource's access should end with the resource, system-assigned identities are ideal. Deleting the resource deletes its identity, so nothing can sign in as it afterwards and the risk of a long-lived, orphaned identity is removed[5]. Note the caveat: the Azure RBAC role assignments granted to that identity are not deleted with it; they remain as entries with an unknown principal (the portal shows "Identity not found") and should be cleaned up periodically.

3. Workloads Requiring Independent Entities: For workloads contained within a single Azure resource, such as an application running on one virtual machine, where each resource must operate independently with its own set of permissions, system-assigned identities are suitable. They give a straightforward way to manage access without the extra management of a shared identity[1][2]. Because the identity only exists once the resource exists, a deployment has to create the resource first and assign roles afterwards, so there is a short window in which the workload has an identity but no permissions yet.

4. Rapid Resource Creation without Shared Access: Every system-assigned identity is a separate service principal created together with its resource, so provisioning many resources in a short time runs into the rate limit on service principal creation. That is why the Microsoft guidance[5] recommends a user-assigned identity, created once in advance, for rapid or large-scale provisioning. System-assigned identities remain a reasonable choice in this situation only when each resource genuinely needs its own distinct permissions and cannot share an identity with other resources, and the creation rate stays within those limits.
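The following Python script is an added example that serves items 1 and 2 above; it is not code from any of the cited pages. It works over constructed sample data whose shape is a simplified version of the JSON returned by `az resource show --query identity`, the Activity Log, and `az role assignment list`; the resource names, object IDs and scopes are all made up. It shows why a system-assigned identity makes log entries attributable to exactly one resource while a shared user-assigned identity does not, and how to find the role assignments left behind once a resource and its system-assigned identity are gone.

```python
"""Attribute Activity Log actions to the resource behind a managed identity, and
find role assignments whose principal no longer exists.

Added example, not from the cited pages. Shapes are simplified from
`az resource show --query identity`, Activity Log entries and
`az role assignment list`; every value below is constructed sample data."""
from __future__ import annotations

RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
SHARED_UAMI = RG + "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-shared"

# Constructed: two VMs with system-assigned identities (one principal each) and
# two function apps that share a single user-assigned identity.
RESOURCES = [
    {"name": "vm-web-01", "identity": {"type": "SystemAssigned",
     "principalId": "1111aaaa-0000-4000-8000-000000000001"}},
    {"name": "vm-web-02", "identity": {"type": "SystemAssigned",
     "principalId": "1111aaaa-0000-4000-8000-000000000002"}},
    {"name": "func-etl-a", "identity": {"type": "UserAssigned", "userAssignedIdentities": {
        SHARED_UAMI: {"principalId": "2222bbbb-0000-4000-8000-000000000009"}}}},
    {"name": "func-etl-b", "identity": {"type": "UserAssigned", "userAssignedIdentities": {
        SHARED_UAMI: {"principalId": "2222bbbb-0000-4000-8000-000000000009"}}}},
]

# Constructed Activity Log entries: 'caller' is the object ID of the service
# principal that made the call. The third caller belonged to a VM that was deleted.
ACTIVITY_LOG = [
    {"caller": "1111aaaa-0000-4000-8000-000000000002",
     "operationName": "Microsoft.Storage/storageAccounts/listKeys/action", "status": "Succeeded"},
    {"caller": "2222bbbb-0000-4000-8000-000000000009",
     "operationName": "Microsoft.Storage/storageAccounts/listKeys/action", "status": "Succeeded"},
    {"caller": "1111aaaa-0000-4000-8000-000000000003",
     "operationName": "Microsoft.Compute/disks/write", "status": "Failed"},
]

# Constructed role assignments: one for a live VM, one left behind by the deleted
# VM's former identity, one for a human user (not a managed identity).
ROLE_ASSIGNMENTS = [
    {"principalId": "1111aaaa-0000-4000-8000-000000000001", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Secrets User",
     "scope": RG + "/providers/Microsoft.KeyVault/vaults/kv-web"},
    {"principalId": "1111aaaa-0000-4000-8000-000000000003", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Storage Blob Data Contributor",
     "scope": RG + "/providers/Microsoft.Storage/storageAccounts/stweb"},
    {"principalId": "3333cccc-0000-4000-8000-000000000042", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": RG},
]


def principal_index(resources: list[dict]) -> dict[str, list[str]]:
    """Map principal object ID -> names of every resource that can present it.
    A system-assigned principal maps to exactly one resource; a user-assigned
    principal maps to every resource it is attached to."""
    index: dict[str, list[str]] = {}
    for res in resources:
        ident = res.get("identity") or {}
        if ident.get("principalId"):  # system-assigned part of the identity block
            index.setdefault(ident["principalId"], []).append(res["name"])
        for uami in (ident.get("userAssignedIdentities") or {}).values():
            index.setdefault(uami["principalId"], []).append(res["name"])
    return index


def attribute_actions(entries: list[dict], resources: list[dict]) -> list[dict]:
    """Tie each entry's caller back to a resource. 'ambiguous' means the caller is
    a shared identity, so the log alone cannot say which resource acted; 'unknown'
    means no current resource owns that principal (e.g. the resource was deleted)."""
    index = principal_index(resources)
    rows = []
    for entry in entries:
        owners = index.get(entry["caller"], [])
        rows.append({"operation": entry["operationName"], "caller": entry["caller"],
                     "resources": owners, "ambiguous": len(owners) > 1,
                     "unknown": not owners})
    return rows


def orphaned_assignments(role_assignments: list[dict], resources: list[dict]) -> list[dict]:
    """Role assignments for service principals that no live resource owns any more.
    Deleting a resource deletes its system-assigned identity, but the role
    assignment object stays behind (the portal lists it as 'Identity not found')
    until it is removed; these are the entries to clean up."""
    live = principal_index(resources)
    return [ra for ra in role_assignments
            if ra["principalType"] == "ServicePrincipal" and ra["principalId"] not in live]


if __name__ == "__main__":
    for row in attribute_actions(ACTIVITY_LOG, RESOURCES):
        print(row)
    for ra in orphaned_assignments(ROLE_ASSIGNMENTS, RESOURCES):
        print("orphaned:", ra["roleDefinitionName"], "->", ra["principalId"], "at", ra["scope"])
```

Running it flags the first `listKeys` call as the work of `vm-web-02` alone, the second as ambiguous between `func-etl-a` and `func-etl-b` (the shared user-assigned identity), and the third as coming from a principal no resource owns; the only orphaned assignment is the Storage Blob Data Contributor role still granted to the deleted VM's former identity. In a real tenant the inputs would come from `az resource list`, the Activity Log export and `az role assignment list --all`, and the `User` assignments would need a separate check against the directory.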

Citations:
[1] https://www.varonis.com/blog/azure-managed-identities
[2] https://laurakokkarinen.com/authenticate-to-entra-id-protected-apis-with-managed-identity-no-key-vault-required/
[3] https://www.adaptiv.nz/azure-managed-identities-why-are-you-not-using-them-everywhere/
[4] https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview-for-developers
[5] https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identity-best-practice-recommendations
[6] https://docs.azure.cn/en-us/entra/identity/managed-identities-azure-resources/how-manage-user-assigned-managed-identities
[7] https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity
[8] https://stackoverflow.com/questions/75930046/how-to-run-azure-function-locally-using-user-assigned-managed-identity-configura