Unit 4: Create and Configure Managed Identities

The Problem Managed Identities Solve

Applications often need secrets to authenticate to other services. Storing secrets in code, configuration files, or even Key Vault still creates credential management challenges.

Managed identities eliminate this problem by providing an identity that Azure manages automatically.

How Managed Identities Work

A managed identity:

• Is created in Microsoft Entra ID.
• Is tied to an Azure resource.
• Can request tokens from Entra ID.
• Never exposes credentials to developers.

Applications simply request a token, and Azure handles the rest.

Types of Managed Identities

• System-assigned managed identities are tied to a single resource and deleted automatically when the resource is deleted.
• User-assigned managed identities are standalone resources that can be shared across multiple services.

System-assigned identities are simpler, while user-assigned identities provide reuse and consistency.

Value of Managed Identities

Managed identities support Zero Trust principles by:

• Eliminating stored secrets.
• Enforcing least privilege.
• Limiting blast radius if an application is compromised.