Share via

Virtual Machine and set up a managed identity

Missi 40 Reputation points
2025-02-28T20:33:29.9833333+00:00

I recently created an Azure Virtual Machine and set up a managed identity for it. However, when I try to use the identity to access an Azure Key Vault, I keep getting an 'Authorization Failed' error. I’ve already assigned the necessary permissions in the Key Vault’s access policies, but the issue persists. I even tried restarting the VM to refresh the token, but no luck.

Azure Virtual Machines
Azure Virtual Machines

An Azure service that is used to provision Windows and Linux virtual machines.

0 comments

Answer accepted by question author

Taz 9,366 Reputation points MVP Volunteer Moderator
2025-02-28T20:35:36.61+00:00

Hello,

If you've assigned the correct permissions and restarted the VM, a few other things could be causing the issue:

  1. Check Token Retrieval: Run the following command inside the VM to confirm it’s getting an access token: 
       
   curl "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2019-08-01&resource=https://vault.azure.net" -H "Metadata: true"
    If it fails, the managed identity might not be enabled properly.
  2. Verify Role Assignments: If you're using Azure RBAC (instead of access policies), ensure the VM's identity has the Key Vault Secrets User role assigned at the right scope.
  3. Check Key Vault Firewall Settings: If your Key Vault is restricted to specific networks, make sure the VM’s outbound IP is allowed or enable private endpoint access.
  4. Try these steps and let me know if the issue persists!

✨ Please Upvote and Accept the Answer if it helps! ✨

Thanks & Regards,

Tasadduq Burney

(Microsoft MVP & MCT)

(Azure 15x)

Was this answer helpful?

1 person found this answer helpful.
0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.