Managed identities for Azure resources provide Azure services with an automatically managed identity in Microsoft Entra ID. You can use this identity to authenticate to any service that supports Microsoft Entra authentication without having credentials in your code.
In this article, you'll learn how to view the service principal of a managed identity.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
The following command demonstrates how to view the service principal of a virtual machine (VM) or application with managed identity enabled. Replace <Azure resource name> with your own values.
Azure CLI
az ad sp list --display-name<Azure resource name>
Next steps
For more information on managing Microsoft Entra service principals, see Azure CLI ad sp.
View the service principal for a managed identity using PowerShell
To run the scripts for this example, you have two options:
Use the Azure Cloud Shell, which you can open using the Try It button on the top right corner of code blocks.
Run scripts locally by installing the latest version of Azure PowerShell, then sign in to Azure using Connect-AzAccount.
The following command demonstrates how to view the service principal of a virtual machine (VM) or application with system assigned identity enabled. Replace <Azure resource name> with your own values.