I have a requirement to grant and remove access to TDE keys in Key Vault for Managed Instances using PowerShell. As per the below documentation, Microsoft suggests using the below code to get the object ID of the Managed Instance and use it to set the policy in the key vault:
$managedInstance = Get-AzSqlInstance -Name 'ContosoManagedInstanceName' -ResourceGroupName 'ContosoResourceGroup'
Set-AzKeyVaultAccessPolicy -VaultName ContosoVault -ObjectId $managedInstance.Identity.PrincipalId -PermissionsToKeys get, wrapKey, unwrapKey
But the above command doesn't work for me because the Identity property, which I have marked in red, is empty.
I checked all the MIs in our inventory and they are all empty, but I can assign permissions to the keys in the vault easily using the Azure portal, which also shows the GUID (object ID) of the Managed Instance while selecting the principal. Does anyone know why the Identity property is empty for Get-AzSqlInstance? Is there any other way I can accomplish this using PowerShell?
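
One way to script the grant and removal so that an empty Identity property is detected rather than passed on as a null object ID (an added example, not part of the original post or of Microsoft's documentation). It assumes the vault uses access policies and that the instance's identity appears in the directory under the instance name; the function names are hypothetical and the resource names are the post's placeholders.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function Resolve-MiObjectId {
    param(
        [Parameter(Mandatory)] [string] $InstanceName,
        [Parameter(Mandatory)] [string] $ResourceGroupName
    )
    $mi = Get-AzSqlInstance -Name $InstanceName -ResourceGroupName $ResourceGroupName
    if ($mi.Identity -and $mi.Identity.PrincipalId) {
        return $mi.Identity.PrincipalId.ToString()
    }
    # Assumption: the instance's identity is registered in the directory under
    # the instance name, as the portal's principal picker in the post suggests.
    $sp = @(Get-AzADServicePrincipal -DisplayName $InstanceName)
    if ($sp.Count -ne 1) {
        # Display names are not unique; refuse to guess which principal gets key access.
        throw "Expected exactly one service principal named '$InstanceName', found $($sp.Count)."
    }
    return $sp[0].Id
}

function Grant-MiTdeKeyAccess {
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $ObjectId
    )
    # Only the three key permissions used in the post.
    Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ObjectId $ObjectId `
        -PermissionsToKeys get, wrapKey, unwrapKey
}

function Revoke-MiTdeKeyAccess {
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $ObjectId
    )
    # Removes every permission this principal holds on the vault.
    Remove-AzKeyVaultAccessPolicy -VaultName $VaultName -ObjectId $ObjectId
}

$objectId = Resolve-MiObjectId -InstanceName 'ContosoManagedInstanceName' `
    -ResourceGroupName 'ContosoResourceGroup'
Grant-MiTdeKeyAccess -VaultName 'ContosoVault' -ObjectId $objectId
# Later, to remove access:
# Revoke-MiTdeKeyAccess -VaultName 'ContosoVault' -ObjectId $objectId
```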