How to automate the authentication through System Assigned Managed Identity between Linux VM and Storage Account to mount a Blob container?

Galgani, Stefano 205 Reputation points
2023-07-25T10:54:30.9133333+00:00

Hi All,

My context is composed of a Linux VM and a Storage account with a blob container.
I need to mount a blob container on the Linux VM through the BlobFuse2 lib.

I have read that there are 4 types of authentication:

  • key
  • sas
  • spn
  • msi

I want to use the msi (Managed System Identity) type to grant the Linux VM access to the storage account, and to implement the setup process through cloud automation.

Manual steps to set up MSI link
BlobFuse2 base configuration file link

About MSI properties:

  appid: 

Accepted answer
  1. Ramya Harinarthini_MSFT 5,356 Reputation points Microsoft Employee
    2023-07-26T06:12:14.8366667+00:00

    @Galgani, Stefano Welcome to Microsoft Q&A. Thank you for posting here!!

    When you enable System Assigned Managed Service Identity for your Linux VM it creates a Service Principal (visible under Enterprise applications in Azure Portal).

    Even though you can only see the Object ID in the Identity blade on the Linux VM, you can find a few more details, including the Application ID (or Client ID, as you ask), by going to Azure Portal > Azure Active Directory > Enterprise Applications > All Applications > Relevant Service Principal (you can identify it by its display name, which is the same as your Linux VM, or by the Object ID). More detailed steps along with screenshots below.

    Please note that even though you can get to Application ID and some details for MSI, you will not find an actual app registration for it.

    • For example, I have a VM named "Test1" as shown here.
    • Go to Azure Portal > Azure Active Directory > Enterprise Applications > All Applications.
    • Go to the properties of the Service Principal for more details.

    Hope this helps!
    Kindly let us know if the above helps or you need further assistance on this issue.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
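
The portal lookup in the accepted answer (Object ID to Application ID) can be scripted with the Azure CLI and fed into the BlobFuse2 `azstorage` section with `mode: msi`. This is an added example, not part of the original thread or of Microsoft's documentation; the function names, the `Storage Blob Data Contributor` role, the container-level scope and the output file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread). Resource names passed in are placeholders.

# Enable the system-assigned identity; prints its Object (principal) ID.
enable_identity() {  # $1 = resource group, $2 = VM name
  az vm identity assign --resource-group "$1" --name "$2" \
    --query systemAssignedIdentity --output tsv
}

# CLI equivalent of Enterprise Applications > Properties: Object ID -> Application ID.
lookup_app_id() {  # $1 = Object ID
  az ad sp show --id "$1" --query appId --output tsv
}

# Assumption: read/write mount. Scope is the one container, not the whole account.
grant_blob_access() {  # $1 = Object ID, $2 = storage account resource ID, $3 = container
  az role assignment create \
    --assignee-object-id "$1" --assignee-principal-type ServicePrincipal \
    --role "Storage Blob Data Contributor" \
    --scope "$2/blobServices/default/containers/$3" --output none
}

# Render the BlobFuse2 azstorage section; msi mode keeps keys and SAS tokens off disk.
render_config() {  # $1 = account name, $2 = container, $3 = Application ID
  case "$3" in
    ""|*[!0-9a-fA-F-]*) echo "unexpected appid: $3" >&2; return 1 ;;
  esac
  cat <<EOF
azstorage:
  type: block
  account-name: $1
  container: $2
  mode: msi
  appid: $3
EOF
}

main() {  # usage: ./msi-mount-setup.sh RG VM ACCOUNT CONTAINER
  local oid app account_id
  oid=$(enable_identity "$1" "$2") || return 1
  app=$(lookup_app_id "$oid") || return 1
  account_id=$(az storage account show --resource-group "$1" --name "$3" \
    --query id --output tsv) || return 1
  grant_blob_access "$oid" "$account_id" "$4" || return 1
  ( umask 077; render_config "$3" "$4" "$app" > blobfuse2-msi.yaml )
}

if [ "$#" -eq 4 ]; then main "$@"; fi
```

The generated section still has to be merged into a full BlobFuse2 configuration file; for a read-only mount, `Storage Blob Data Reader` is the narrower role.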
