Assign a managed identity access to a resource by using the Azure portal
Managed identities for Azure resources is a feature of Microsoft Entra ID. Each of the Azure services that support managed identities for Azure resources are subject to their own timeline. Make sure you review the availability status of managed identities for your resource and known issues before you begin.
After you've configured an Azure resource with a managed identity, you can give the managed identity access to another resource, just like any security principal. This article shows you how to give an Azure virtual machine or virtual machine scale set's managed identity access to an Azure storage account, by using the Azure portal.
- If you're unfamiliar with managed identities for Azure resources, check out the overview section. Be sure to review the difference between a system-assigned and user-assigned managed identity.
- If you don't already have an Azure account, sign up for a free account before continuing.
Use Azure RBAC to assign a managed identity access to another resource
Steps in this article may vary slightly based on the portal you start from.
The steps outlined below show is how you grant access to a service using Azure RBAC. Check specific service documentation on how to grant access - for example check Azure Data Explorer for instructions. Some Azure services are in the process of adopting Azure RBAC on the data plane
Sign in to the Azure portal using an account associated with the Azure subscription under which you have configured the managed identity.
Navigate to the desired resource on which you want to modify access control. In this example, we are giving an Azure virtual machine access to a storage account, so we navigate to the storage account.
Select Access control (IAM).
Select Add > Add role assignment to open the Add role assignment page.
Select the role and managed identity. For detailed steps, see Assign Azure roles using the Azure portal.
- Managed identity for Azure resources overview
- To enable managed identity on an Azure virtual machine, see Configure managed identities for Azure resources on a VM using the Azure portal.
- To enable managed identity on an Azure virtual machine scale set, see Configure managed identities for Azure resources on a virtual machine scale set using the Azure portal.