What is Managed Identity in Azure?
A managed identity is an identity for an Azure resource that is registered in Azure Active Directory. Once the resource has an identity, it can be granted access to other resources in Azure using that identity, and your application can then use that identity to access these resources.
One of the challenges developers face is keeping secrets such as keys, credentials or tokens secure. These credentials need to be stored in source code, in a configuration file or in some other place. Managed Identity solves this problem: the application no longer needs to store credentials anywhere.
Best of all, it’s free! There’s no additional cost to using managed identities in Azure.
There are two kinds of managed identities, a system-assigned managed identity and a user-assigned managed identity.
System-assigned managed identity:
A system-assigned identity is enabled directly on an Azure resource instance. When it is enabled, an identity is created in Azure AD for that resource. Using this identity, we can grant the resource access to other Azure resources and access them without storing credentials. Once this identity is removed, Azure automatically cleans up the credentials and the identity in Azure AD.
For example, a system-assigned identity created on an Azure Function can be given access to Azure Key Vault and then read a secret key without using any credentials.
User-assigned managed identity:
A user-assigned identity is created as a standalone Azure resource in Azure AD. Once created, it can be assigned to one or more Azure resources. For example, this identity can be assigned to an Azure VM and Blob storage so that users can access the Blob storage files from this Azure VM without any credentials.
How to assign identity:
We can assign the identity to Azure resources using PowerShell, the Azure CLI, or directly via the Azure Portal.
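As an added example (not from the original post), here is the Key Vault scenario above done with the Azure CLI: it enables a system-assigned identity on a Function App and grants that identity read-only access to secrets. The resource names are placeholders, and the vault is assumed to use the access-policy permission model.

```shell
#!/usr/bin/env bash
# Added example. Resource group, app and vault names are placeholders
# supplied by the caller; the vault is assumed to use access policies.

# Enable the system-assigned identity on a Function App and print the
# object ID (principalId) of the identity created in Azure AD for it.
enable_function_identity() {
  local rg="$1" app="$2"
  az functionapp identity assign \
    --resource-group "$rg" --name "$app" \
    --query principalId --output tsv
}

# Grant that identity access to secrets in one Key Vault.
# Only "get" is granted: the app can read a secret by name but cannot
# list, change or delete secrets (least privilege).
grant_secret_read() {
  local vault="$1" principal_id="$2"
  if [ -z "$principal_id" ]; then
    echo "no principal ID: identity was not assigned" >&2
    return 1
  fi
  az keyvault set-policy \
    --name "$vault" --object-id "$principal_id" \
    --secret-permissions get --output none
}

# Full flow: enable the identity, grant it access, print its object ID.
setup_function_keyvault_access() {
  local rg="$1" app="$2" vault="$3" pid
  pid="$(enable_function_identity "$rg" "$app")" || return 1
  grant_secret_read "$vault" "$pid" || return 1
  echo "$pid"
}

# Usage (placeholder names):
#   setup_function_keyvault_access my-rg my-func-app my-vault
```

The printed object ID is what appears in the vault's access policy list, which makes it easy to audit which resource holds the permission.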
- Posted by admin
- On July 19, 2019