Share via

az vm identity

Manage service identities of a VM.

Commands

Name Description Type Status
az vm identity assign

Enable managed service identity on a VM.

 Core GA
az vm identity remove

Remove managed service identities from a VM.

 Core GA
az vm identity show

Display VM's managed identity info.

 Core GA

az vm identity assign

Edit

Enable managed service identity on a VM.

This is required to authenticate and interact with other Azure services using bearer tokens.

az vm identity assign [--identities]
                      [--ids]
                      [--name]
                      [--resource-group]
                      [--role]
                      [--scope]
                      [--subscription]

Examples

Enable the system assigned identity on a VM with the 'Reader' role.

az vm identity assign -g MyResourceGroup -n MyVm --role Reader --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup

Enable the system assigned identity and a user assigned identity on a VM with the 'Reader' role.

az vm identity assign -g MyResourceGroup -n MyVm --role Reader --identities [system] myAssignedId --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--identities

Space-separated identities to assign. Use '[system]' to refer to the system assigned identity. Default: '[system]'.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--role

Role name or id the system assigned identity will have.

--scope

Scope that the system assigned identity can access.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az vm identity remove

Edit

Remove managed service identities from a VM.

az vm identity remove [--identities]
                      [--ids]
                      [--name]
                      [--resource-group]
                      [--subscription]

Examples

Remove the system assigned identity

az vm identity remove -g MyResourceGroup -n MyVm

Remove a user assigned identity

az vm identity remove -g MyResourceGroup -n MyVm --identities readerId

Remove 2 identities which are in the same resource group with the VM

az vm identity remove -g MyResourceGroup -n MyVm --identities readerId writerId

Remove the system assigned identity and a user identity

az vm identity remove -g MyResourceGroup -n MyVm --identities [system] readerId

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--identities

Space-separated identities to remove. Use '[system]' to refer to the system assigned identity. Default: '[system]'.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az vm identity show

Edit

Display VM's managed identity info.

az vm identity show [--ids]
                    [--name]
                    [--resource-group]
                    [--subscription]

Examples

display VM's managed identity info. (autogenerated)

az vm identity show --name MyVirtualMachine --resource-group MyResourceGroup

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False