Microsoft.ManagedIdentity userAssignedIdentities

Bicep resource definition

The userAssignedIdentities resource type can be deployed to:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ManagedIdentity/userAssignedIdentities resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
}

Property values

userAssignedIdentities

Name Description Value
name The resource name string (required)

Character limit: 3-128

Valid characters:
Alphanumerics, hyphens, and underscores

Start with letter or number.
location The geo-location where the resource lives string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
min.io Azure Gateway

Deploy to Azure
Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage
Create a WordPress site

Deploy to Azure
This template creates a WordPress site on Container Instance
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
Azure Image Builder with Azure Windows Baseline

Deploy to Azure
Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
Import VHD Blobs from a ZIP Archive URL

Deploy to Azure
Deploying Virtual Machines based on specialized disk images requires to import VHD files into a Storage Account. In the case there are multiple VHD files compressed in a single ZIP and you got the URL to fetch the ZIP archive, this ARM template will ease the job: Download, Extract and Import into an existing Storage Account Blob Container.
Create a user-assigned managed identity and role assignment

Deploy to Azure
This module allows you to create a user-assigned managed identity and a role assignment scoped to the resource group.
Create an API Management service with SSL from KeyVault

Deploy to Azure
This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours.
Creates a Container App and Environment with Registry

Deploy to Azure
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr pub-sub servicebus app using Container Apps

Deploy to Azure
Create a Dapr pub-sub servicebus app using Container Apps.
Deploy a simple Azure Spring Apps microservice application

Deploy to Azure
This template deploys a simple Azure Spring Apps microservice application to run on Azure.
RBAC - Create Managed Identity Access on Azure Maps account

Deploy to Azure
This template creates a Managed Identity and assigns it access to an a created Azure Maps account.
Create alert rule for azure business continuity items

Deploy to Azure
This templates creates an alert rule and user assigned MSI. It also assigns the MSI reader access to the subscription so that the alert rule has access to query the required protected items and latest recovery point details.
Front Door Standard/Premium with static website origin

Deploy to Azure
This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website.
Create an on-demand SFTP Server with persistent storage

Deploy to Azure
This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI).
FinOps hub

Deploy to Azure
This template creates a new FinOps hub instance, including Data Lake storage and a Data Factory.
AzureDatabricks Template with Default Storage Firewall

Deploy to Azure
This template allows you to create an Default Storage Firewall enabled Azure Databricks workspace with Privateendpoint, all three forms of CMK, and User-Assigned Access Connector.
Configure Dev Box service

Deploy to Azure
This template would create all Dev Box admin resources as per Dev Box quick start guide (https://learn.microsoft.com/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box.
Deploy the MedTech service including an Azure IoT Hub

Deploy to Azure
The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service.
Create key vault, managed identity, and role assignment

Deploy to Azure
This template creates a key vault, managed identity, and role assignment.
Azure Container Service (AKS) with Helm

Deploy to Azure
Deploy a managed cluster with Azure Container Service (AKS) with Helm
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Create an Application Gateway V2 with Key Vault

Deploy to Azure
This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway.
Testing environment for Azure Firewall Premium

Deploy to Azure
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering
Build container images with ACR Tasks

Deploy to Azure
This template uses DeploymentScript to orchestrate ACR to build your container image from code repo.
Import Container Images into ACR

Deploy to Azure
This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry.
Create Application Gateway with Certificates

Deploy to Azure
This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway.
Create ssh-keys and store in KeyVault

Deploy to Azure
This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault.
Deploys a static website

Deploy to Azure
Deploys a static website with a backing storage account
Web App with Managed Identity, SQL Server and ΑΙ

Deploy to Azure
Simple example to deploy Azure infrastructure for app + data + managed identity + monitoring
Create an Azure Virtual Network Manager and sample VNETs

Deploy to Azure
This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types.

ARM template resource definition

The userAssignedIdentities resource type can be deployed to:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ManagedIdentity/userAssignedIdentities resource, add the following JSON to your template.

{
  "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
  "apiVersion": "2023-01-31",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  }
}

Property values

userAssignedIdentities

Name Description Value
type The resource type 'Microsoft.ManagedIdentity/userAssignedIdentities'
apiVersion The resource api version '2023-01-31'
name The resource name string (required)

Character limit: 3-128

Valid characters:
Alphanumerics, hyphens, and underscores

Start with letter or number.
location The geo-location where the resource lives string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
min.io Azure Gateway

Deploy to Azure
Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage
Create a WordPress site

Deploy to Azure
This template creates a WordPress site on Container Instance
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
Azure Image Builder with Azure Windows Baseline

Deploy to Azure
Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
Import VHD Blobs from a ZIP Archive URL

Deploy to Azure
Deploying Virtual Machines based on specialized disk images requires to import VHD files into a Storage Account. In the case there are multiple VHD files compressed in a single ZIP and you got the URL to fetch the ZIP archive, this ARM template will ease the job: Download, Extract and Import into an existing Storage Account Blob Container.
Create a user-assigned managed identity and role assignment

Deploy to Azure
This module allows you to create a user-assigned managed identity and a role assignment scoped to the resource group.
Create an API Management service with SSL from KeyVault

Deploy to Azure
This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours.
Creates a Container App and Environment with Registry

Deploy to Azure
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr pub-sub servicebus app using Container Apps

Deploy to Azure
Create a Dapr pub-sub servicebus app using Container Apps.
Deploy a simple Azure Spring Apps microservice application

Deploy to Azure
This template deploys a simple Azure Spring Apps microservice application to run on Azure.
RBAC - Create Managed Identity Access on Azure Maps account

Deploy to Azure
This template creates a Managed Identity and assigns it access to an a created Azure Maps account.
Create alert rule for azure business continuity items

Deploy to Azure
This templates creates an alert rule and user assigned MSI. It also assigns the MSI reader access to the subscription so that the alert rule has access to query the required protected items and latest recovery point details.
Front Door Standard/Premium with static website origin

Deploy to Azure
This template creates a Front Door Standard/Premium and an Azure Storage static website, and configured Front Door to send traffic to the static website.
Create an on-demand SFTP Server with persistent storage

Deploy to Azure
This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI).
FinOps hub

Deploy to Azure
This template creates a new FinOps hub instance, including Data Lake storage and a Data Factory.
AzureDatabricks Template with Default Storage Firewall

Deploy to Azure
This template allows you to create an Default Storage Firewall enabled Azure Databricks workspace with Privateendpoint, all three forms of CMK, and User-Assigned Access Connector.
Configure Dev Box service

Deploy to Azure
This template would create all Dev Box admin resources as per Dev Box quick start guide (https://learn.microsoft.com/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box.
Deploy the MedTech service including an Azure IoT Hub

Deploy to Azure
The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service.
Create key vault, managed identity, and role assignment

Deploy to Azure
This template creates a key vault, managed identity, and role assignment.
Azure Container Service (AKS) with Helm

Deploy to Azure
Deploy a managed cluster with Azure Container Service (AKS) with Helm
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Create an Application Gateway V2 with Key Vault

Deploy to Azure
This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway.
Testing environment for Azure Firewall Premium

Deploy to Azure
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering
Build container images with ACR Tasks

Deploy to Azure
This template uses DeploymentScript to orchestrate ACR to build your container image from code repo.
Import Container Images into ACR

Deploy to Azure
This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry.
Create Application Gateway with Certificates

Deploy to Azure
This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway.
Create ssh-keys and store in KeyVault

Deploy to Azure
This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault.
Deploys a static website

Deploy to Azure
Deploys a static website with a backing storage account
Web App with Managed Identity, SQL Server and ΑΙ

Deploy to Azure
Simple example to deploy Azure infrastructure for app + data + managed identity + monitoring
Create an Azure Virtual Network Manager and sample VNETs

Deploy to Azure
This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types.

Terraform (AzAPI provider) resource definition

The userAssignedIdentities resource type can be deployed to:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ManagedIdentity/userAssignedIdentities resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
}

Property values

userAssignedIdentities

Name Description Value
type The resource type "Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31"
name The resource name string (required)

Character limit: 3-128

Valid characters:
Alphanumerics, hyphens, and underscores

Start with letter or number.
location The geo-location where the resource lives string (required)
parent_id To deploy to a resource group, use the ID of that resource group. string (required)
tags Resource tags. Dictionary of tag names and values.