This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 59%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi,
Re: Microsoft Defender for Cloud,
When adding particular regulatory polices to a subscription, a Managed Identity is required and assigned to the targeted subscription.
The problem is, these Managed Identities that're created have obscure names, making it difficult to associate to anything. Concerning is these obscurely named Managed Identities are assigned Contributor access to the subscription.
Moreover, their properties within Enterprise applications such as their description cannot be edited to provide some meaningful internal description when trying to associate their purpose.
This can become difficult to manage once several of these policies/regulatory standards are applied to the subscription, requiring randomly named Managed Identities.
Is there any tips or advice to map/trace Managed Identities to their associated policies? Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @Simon Magrin ,
Thanks for your question! Apart from naming conventions and querying by PrincipalID I am not certain what the recommended approach for this is, so I have reached out to the product team to ask for the best practices and will get back with my findings.
Hi @Marilee Turscak-MSFT for your reply and looking forward to any further updates.
There's some small snippet of info that this Managed Identity belongs to a Policy but there's no direct/clear mapping that I was hoping for:
