
When using Azure Managed Identity in the App Service/Functions, the endpoint and header are available as environment variables.

When using Azure Managed Identity in Virtual Machine, the endpoint is published as the Azure Instance Metadata service (IMDS) (http://169.254.169.254/metadata/identity/oauth2/token), accessible only from within the VM.

On a VM, is the endpoint set as an environment variable (MSI_ENDPOINT)?

On a VM, is there an indication whether managed identity is enabled?

Ideally, my code can simply check for that variable. Otherwise, I need to check the variable and make a call to the IMDS.

Paul Schaeflein
  • Any more questions? Does it solve your problem? If yes, please accept it. If no, give the response. – Charles Xu Feb 19 '20 at 03:39
  • Any updates? I didn't see anything, solved the problem or not. What I'm doing is to help you solve the problem. Please give the response. – Charles Xu Feb 21 '20 at 01:38

1 Answer


The Azure Managed Identity is different between App Service/Functions and VM. As you know, the App Service/Functions use the Managed Identity through the environment variables MSI_ENDPOINT and MSI_SECRET as it shows here.

But for a VM, it does not set the environment variables; you get the access token from a server inside Azure that cannot be reached from outside. Here are the ways to get the access token for VMs.

As for an indication of Managed Identity on the VM, I think you can get the VM identity property; it will show you whether Managed Identity is enabled and which type is used. For example, I use the Azure CLI and it shows like this:

[image: Azure CLI output showing the VM's identity property]

Charles Xu
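Putting the two cases together as runnable code (an added example, not from either poster): on App Service/Functions the endpoint is announced by environment variables, on a VM nothing is exported and the only test is to ask IMDS itself. The `IDENTITY_ENDPOINT`/`IDENTITY_HEADER` pair is the newer App Service naming alongside `MSI_ENDPOINT`/`MSI_SECRET`; the `api-version` and `resource` query parameters are the ones IMDS documents. The probe is injectable so the decision logic can be exercised off-box.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# IMDS token endpoint named in the question; reachable only from inside the VM.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"


def probe_imds(resource="https://management.azure.com/", timeout=2.0):
    """Ask IMDS for a token. True if a token came back; False if IMDS is
    unreachable (not an Azure VM) or answers with an error (identity off)."""
    query = urllib.parse.urlencode({"api-version": IMDS_API_VERSION,
                                    "resource": resource})
    req = urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}",
                                 headers={"Metadata": "true"})  # required by IMDS
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return "access_token" in json.load(resp)
    except (urllib.error.URLError, OSError, ValueError):
        # Connection refused/timeout, HTTP 4xx/5xx, or non-JSON body.
        return False


def detect_managed_identity(env=None, imds_probe=probe_imds):
    """Return "app-service" (endpoint env vars present), "vm" (IMDS issued a
    token) or "none". `env` defaults to os.environ; `imds_probe` is the
    callable used for the VM case."""
    env = os.environ if env is None else env
    # App Service / Functions: endpoint and secret/header are env vars.
    if ("MSI_ENDPOINT" in env and "MSI_SECRET" in env) or \
       ("IDENTITY_ENDPOINT" in env and "IDENTITY_HEADER" in env):
        return "app-service"
    # VM: no env var exists, so the only check is a call to IMDS.
    return "vm" if imds_probe() else "none"


if __name__ == "__main__":
    print(detect_managed_identity())
```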