Assign a managed identity access to a resource by using the Azure portal

Managed identities for Azure resources is a feature of Microsoft Entra ID. Each of the Azure services that support managed identities for Azure resources are subject to their own timeline. Make sure you review the availability status of managed identities for your resource and known issues before you begin.

After you've configured an Azure resource with a managed identity, you can give the managed identity access to another resource, just like any security principal. This article shows you how to give an Azure virtual machine or virtual machine scale set's managed identity access to an Azure storage account, by using the Azure portal.


Use Azure RBAC to assign a managed identity access to another resource


Steps in this article might vary slightly based on the portal you start from.


The steps outlined below show is how you grant access to a service using Azure RBAC. Check specific service documentation on how to grant access - for example check Azure Data Explorer for instructions. Some Azure services are in the process of adopting Azure RBAC on the data plane

After you've enabled managed identity on an Azure resource, such as an Azure VM or Azure virtual machine scale set:

  1. Sign in to the Azure portal using an account associated with the Azure subscription under which you have configured the managed identity.

  2. Navigate to the desired resource on which you want to modify access control. In this example, we are giving an Azure virtual machine access to a storage account, so we navigate to the storage account.

  3. Select Access control (IAM).

  4. Select Add > Add role assignment to open the Add role assignment page.

  5. Select the role and managed identity. For detailed steps, see Assign Azure roles using the Azure portal.

    Screenshot that shows the page for adding a role assignment.

Next steps