No option to use managed identity in azure devops to connecti with container registry

Question

I'd like to create connection between pipeline in Azure devops and container registry. Admins created Managed identity for me. I'd like to use that one but there is no way.

According to guide: https://learn.microsoft.com/en-us/azure/devops/pipelines/ecosystems/containers/publish-to-acr?view=azure-devops&tabs=javascript%2Cportal%2Cmsi&fbclid=IwAR2bV28HzRs8v-qTXuo592KU5KxOFnNsOvhxpNx0ZCBYfz2OPnYXWh7rqUs

I should be able to create connection with Authentication type: Managed Service Identity like on below screen:

In my case there is no way so select this option. I can only select Service Principial in Authentication type :

That's not what I want. Why is that? Is it related to lack of some permission? Is it maybe forbidden to connect via azure managed identity in the newest azure devops version?. I would be grateful for the answer.

Answer 1

I tried to reproduce your scenario in my environment and got below results:-

When I tried to Create a Service Connection with docker registry even I did not receive any option to Select Managed Service Identity refer below:-

I went to my Project settings and tried creating a service connection with Azure DevOps Managed Identity like below:-

Alternatively:-
You can create Managed Service Identity separately in Azure DevOps by selecting azure Resource Management tab like below:-

1. Create a managed Identity for your resource
2. Set Azure role assignments to the managed identity
3. Create Service connection for that managed identity like above
4. Include the service connection in the pipeline like below:-

- task: AzureCLI@2

inputs:

azureSubscription: 'acr12325'

Reference:-

Service connections in Azure Pipelines - Azure Pipelines | Microsoft Learn

Answer 2

Apparently, as MS Support confirmed recently and contrary to what MS documentation says it is not supported :-(