Enabling system-assigned managed identities for Azure VMs is a straightforward process that enhances security by allowing VMs to authenticate with Azure services without needing credentials stored on the VM. Here's how to do it:
1. Access the Azure Portal: Sign in to the Azure portal using an account associated with the Azure subscription that contains the VM you want to configure.
2. Navigate to the VM: In the left navigation pane, click on Virtual machines. From the list of virtual machines, search for and select the VM you want to enable with a managed identity.
3. Enable Managed Identity: Once you've selected the VM, click on the Identity tab in the VM's settings. Under the System assigned tab, toggle the Status switch to On and then click Save. This action registers the VM with Azure Active Directory and enables managed identity authentication for the VM.
4. Assign Roles (Optional): If you need to grant specific permissions to the VM, navigate to the Subscriptions section, select the appropriate subscription, and go to the Access control (IAM) tab. Click Add and then select Add role assignment. Choose the desired role (e.g., Contributor**) and assign it to the managed identity of your VM.
5. Verify Configuration: Ensure that the managed identity is correctly configured by checking the VM's identity settings and verifying that it can access Azure resources as expected.
This process can also be automated using Azure CLI or PowerShell for more complex deployments or when managing multiple VMs. For example, you can use the Azure CLI command `az vm create` with the `--assign-identity` parameter to create a new VM with a system-assigned managed identity enabled[2].
Citations:
[1] https://documentation.commvault.com/11.20/setting_up_managed_identities_for_azure_resources_01.html
[2] https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-configure-managed-identities
[3] https://www.varonis.com/blog/azure-managed-identities
[4] https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-configure-managed-identities-scale-sets
[5] https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/tutorial-windows-vm-access
[6] https://docs.azure.cn/en-us/spring-apps/basic-standard/how-to-enable-system-assigned-managed-identity
[7] https://docs.azure.cn/en-us/entra/identity/managed-identities-azure-resources/how-to-configure-managed-identities-scale-sets
[8] https://www.azadvertizer.net/azpolicyadvertizer/17b3de92-f710-4cf4-aa55-0e7859f1ed7b.html