az vm identity

Reference

Manage service identities of a VM.

Commands

Name	Description	Type	Status
az vm identity assign	Enable managed service identity on a VM.	Core	GA
az vm identity remove	Remove managed service identities from a VM.	Core	GA
az vm identity show	Display VM's managed identity info.	Core	GA

az vm identity assign

Edit

Enable managed service identity on a VM.

This is required to authenticate and interact with other Azure services using bearer tokens.

az vm identity assign [--identities]
                      [--ids]
                      [--name]
                      [--resource-group]
                      [--role]
                      [--scope]
                      [--subscription]

Examples

Enable the system assigned identity on a VM with the 'Reader' role.

az vm identity assign -g MyResourceGroup -n MyVm --role Reader --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup

Enable the system assigned identity and a user assigned identity on a VM with the 'Reader' role.

az vm identity assign -g MyResourceGroup -n MyVm --role Reader --identities [system] myAssignedId --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup

Optional Parameters

--identities

Space-separated identities to assign. Use '[system]' to refer to the system assigned identity. Default: '[system]'.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--role

Role name or id the system assigned identity will have.

--scope

Scope that the system assigned identity can access.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az vm identity remove

Edit

Remove managed service identities from a VM.

az vm identity remove [--identities]
                      [--ids]
                      [--name]
                      [--resource-group]
                      [--subscription]

Examples

Remove the system assigned identity

az vm identity remove -g MyResourceGroup -n MyVm

Remove a user assigned identity

az vm identity remove -g MyResourceGroup -n MyVm --identities readerId

Remove 2 identities which are in the same resource group with the VM

az vm identity remove -g MyResourceGroup -n MyVm --identities readerId writerId

Remove the system assigned identity and a user identity

az vm identity remove -g MyResourceGroup -n MyVm --identities [system] readerId

Optional Parameters

--identities

Space-separated identities to remove. Use '[system]' to refer to the system assigned identity. Default: '[system]'.

--ids

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az vm identity show

Edit

Display VM's managed identity info.

az vm identity show [--ids]
                    [--name]
                    [--resource-group]
                    [--subscription]

Examples

display VM's managed identity info. (autogenerated)

az vm identity show --name MyVirtualMachine --resource-group MyResourceGroup

Optional Parameters

--ids

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az vm identity

Commands

az vm identity assign

Examples

Optional Parameters

az vm identity remove

Examples

Optional Parameters

az vm identity show

Examples

Optional Parameters

Feedback

Additional resources