0
0
AzureConceptBeginner · 4 min read

Managed Identity in Azure: What It Is and How It Works

A managed identity in Azure is a feature that lets Azure services securely access other resources without needing to store credentials. It works like an automatically managed user identity that Azure creates and controls for your service to use when connecting to other services.
⚙️

How It Works

Imagine you have a robot that needs a key to open different doors in a building. Instead of giving the robot a physical key that it could lose, the building automatically gives the robot a special badge that works only for the doors it needs to open. This badge is managed by the building and can be taken away or renewed anytime.

In Azure, a managed identity works like that badge. When you enable managed identity for an Azure service (like a virtual machine or an app), Azure creates and manages an identity for that service. This identity can be used to get tokens to access other Azure resources securely, without you having to handle passwords or keys.

This means your service can prove who it is to other services safely and easily. Azure takes care of creating, rotating, and protecting the credentials behind the scenes.

💻

Example

This example shows how to use a managed identity in an Azure Function to access an Azure Key Vault secret without storing any credentials.

python
import os
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# URL of your Azure Key Vault
key_vault_url = os.environ["KEY_VAULT_URL"]

# Use DefaultAzureCredential which supports managed identity
credential = DefaultAzureCredential()

# Create a client to access secrets
client = SecretClient(vault_url=key_vault_url, credential=credential)

# Retrieve a secret named 'MySecret'
secret = client.get_secret("MySecret")
print(f"Secret value: {secret.value}")
Output
Secret value: <the secret's value>
🎯

When to Use

Use managed identity when you want your Azure services to access other Azure resources securely without managing passwords or keys yourself. It is ideal for scenarios like:

  • Accessing Azure Key Vault to get secrets or certificates
  • Connecting to Azure SQL Database or Cosmos DB securely
  • Calling Azure Resource Manager APIs from your app
  • Running automated scripts or functions that need resource access

This reduces the risk of credential leaks and simplifies security management.

Key Points

  • Managed identity is automatically created and managed by Azure.
  • No need to store or rotate credentials manually.
  • Supports system-assigned and user-assigned identities.
  • Works with many Azure services for secure resource access.
  • Improves security by eliminating secrets in code or config files.

Key Takeaways

Managed identity lets Azure services access resources securely without credentials.
Azure automatically creates and manages the identity and its credentials.
Use it to simplify and secure access to Azure services like Key Vault and databases.
It eliminates the need to store secrets in your code or configuration.
Supports both system-assigned and user-assigned identities for flexibility.

Related by keyword

How to Use Managed Identity in Azure App ServiceApp ServiceWhat Is Managed Disk in Azure: Simple Explanation and ExampleVirtual MachinesAzure Free Tier: What It Is and How It WorksGetting StartedAzure Function Pricing: How It Works and When to UseAzure FunctionsOutput Binding in Azure Functions: What It Is and How It WorksAzure Functions

Up next

What is Azure Used For: Key Uses and ExamplesWhat is Microsoft Azure: Overview and Use CasesHow to Attach a Disk to an Azure VM: Step-by-Step GuideHow to Choose VM Size in Azure: A Simple Guide

More in Azure AD and Identity

Azure AD B2B vs B2C: Key Differences and When to Use EachHow to Assign Role in Azure: Step-by-Step GuideHow to Create a Group in Azure AD Quickly and EasilyHow to Create a Service Principal in Azure: Step-by-Step Guide