Hi, Jorge is back. In this post, I want to show you how to enable the system-assigned managed identity on an Azure VM using PowerShell and Azure CLI. When you enable a system-assigned managed identity, Azure creates an identity associated with the instance and stores it in the Azure AD tenant associated with the subscription where you created the service instance. If you delete the service instance, Azure automatically deletes the managed identity associated with it from the Azure AD tenant.

Important: Your account needs the Virtual Machine Contributor role assignment (on the VM or a higher scope) to enable the system-assigned managed identity on an Azure Virtual Machine. No additional Azure AD directory role is required.

Azure PowerShell Workaround

If you want to know how to install the PowerShell Azure module on your machine, check out this link.

The simplest way to get started is to sign in interactively at the command line.

The sign-in cmdlet brings up a dialog box prompting you for the email address and password associated with your Azure account.
If you have more than one subscription associated with your email account, you can choose the default subscription. To perform this task, we will use the following commands:

Once you set your default subscription, you’re ready to start.

Set the variables

Here, we define the characteristics of our environment and the resource’s properties.

The following command stores the VM object in a variable so it can be passed as a parameter in the next step.

Enable system-assigned managed identity

To enable the system-assigned managed identity on your virtual machine, use the Update-AzVM cmdlet with the following syntax.

Verify the changes made

Once the identity is enabled, you can retrieve the VM's managed identity information (identity type, principal ID and tenant ID) using the following command.


To get the information of the service principal created in your Azure AD tenant, use the Get-AzADServicePrincipal cmdlet with the following syntax.


Disable system-assigned managed identity

To disable the system-assigned managed identity on your virtual machine, follow these steps.

Remember that disabling the virtual machine identity also removes the service principal from your Azure AD tenant.
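As an added, complete example (not code from the original post), here is the whole PowerShell procedure above in one script: sign in, pin the subscription, enable the identity, verify it together with its service principal, and optionally disable it again. The subscription ID, resource group and VM name are placeholders you must replace, and the function names are mine. Two cautions the cmdlet does not enforce are built in: -IdentityType replaces the VM's whole identity configuration, so the script refuses to run SystemAssigned or None on a VM that already carries user-assigned identities, and it records the principal ID before disabling, because the service principal is deleted with the identity and any role assignments it held are left orphaned. Remember that tokens for this identity are available to any process on the VM, so keep its role assignments to the minimum it needs.

```powershell
# Added example, not from the original post. Replace the three placeholders below.
# Requires the Az.Accounts, Az.Compute and Az.Resources modules.
$subscriptionId    = "00000000-0000-0000-0000-000000000000"   # placeholder
$resourceGroupName = "rg-demo"                                # placeholder
$vmName            = "vm-demo"                                # placeholder

# Sign in interactively and pin the context to one subscription, so that an
# account with several subscriptions does not modify a VM in the wrong one.
Connect-AzAccount | Out-Null
Set-AzContext -SubscriptionId $subscriptionId | Out-Null

function Enable-VmSystemIdentity {
    param([string]$ResourceGroupName, [string]$Name)

    $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $Name

    # -IdentityType replaces the VM's whole identity configuration. If user-assigned
    # identities are already attached, SystemAssigned alone would drop them;
    # SystemAssignedUserAssigned keeps them, so stop and say so.
    if ($vm.Identity -and $vm.Identity.Type -match 'UserAssigned') {
        throw "VM '$Name' has identity type '$($vm.Identity.Type)'; use -IdentityType SystemAssignedUserAssigned."
    }
    if ($vm.Identity -and $vm.Identity.Type -eq 'SystemAssigned') {
        Write-Host "System-assigned identity is already enabled on '$Name'."
        return $vm.Identity
    }

    Update-AzVM -ResourceGroupName $ResourceGroupName -VM $vm -IdentityType SystemAssigned | Out-Null
    # Re-read the VM so the returned identity is what Azure stored, not the local object.
    return (Get-AzVM -ResourceGroupName $ResourceGroupName -Name $Name).Identity
}

function Get-VmIdentityReport {
    param([string]$ResourceGroupName, [string]$Name)

    $identity = (Get-AzVM -ResourceGroupName $ResourceGroupName -Name $Name).Identity
    if (-not $identity -or -not $identity.PrincipalId) {
        throw "No system-assigned identity is enabled on VM '$Name'."
    }

    # The service principal lives in Azure AD and can lag a few seconds behind the
    # VM update, so retry the lookup briefly instead of failing on the first miss.
    $sp = $null
    for ($i = 0; $i -lt 6 -and -not $sp; $i++) {
        $sp = Get-AzADServicePrincipal -ObjectId $identity.PrincipalId -ErrorAction SilentlyContinue
        if (-not $sp) { Start-Sleep -Seconds 5 }
    }
    $spName = if ($sp) { $sp.DisplayName } else { '<not visible yet>' }
    $appId  = if ($sp) { $sp.AppId } else { $null }

    [pscustomobject]@{
        VM               = $Name
        IdentityType     = $identity.Type
        PrincipalId      = $identity.PrincipalId
        TenantId         = $identity.TenantId
        ServicePrincipal = $spName
        AppId            = $appId
    }
}

function Disable-VmSystemIdentity {
    param([string]$ResourceGroupName, [string]$Name)

    $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $Name
    # -IdentityType None clears every identity on the VM. With user-assigned identities
    # present, use -IdentityType UserAssigned (with -IdentityId) to drop only the system one.
    if ($vm.Identity -and $vm.Identity.Type -match 'UserAssigned') {
        throw "VM '$Name' also has user-assigned identities; do not use -IdentityType None here."
    }
    $principalId = $vm.Identity.PrincipalId
    # Azure deletes the service principal together with the identity. Role assignments
    # made to it are left behind as orphans, so keep the principal ID for cleanup.
    Update-AzVM -ResourceGroupName $ResourceGroupName -VM $vm -IdentityType None | Out-Null
    return $principalId
}

Enable-VmSystemIdentity -ResourceGroupName $resourceGroupName -Name $vmName | Out-Null
Get-VmIdentityReport   -ResourceGroupName $resourceGroupName -Name $vmName | Format-List

# To remove the identity again (and its service principal), run:
# Disable-VmSystemIdentity -ResourceGroupName $resourceGroupName -Name $vmName
```

The disable call is left commented out so the script as written only enables and verifies; run it separately when you actually want the identity gone, and remove the orphaned role assignments afterwards.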

Azure CLI Workaround

In this case, we will use Azure Cloud Shell, a browser-based shell built into the Azure portal. It lets us use the Azure command-line tools (Azure CLI and Azure PowerShell) directly from a browser. If you want to know more about Azure Cloud Shell, check out this link.

First, we define the characteristics of our environment and store the values in variables.

Enable system-assigned managed identity

Once you have all the necessary information, you can enable the system-assigned managed identity on an Azure VM with the following command.

Verify the changes made

To get the VM's managed identity info, use the following command.


You can also use the following commands to get the details of the service principal created in your Azure AD tenant.


Disable system-assigned managed identity

Finally, follow these steps if you want to remove the system-assigned managed identity from your virtual machine.

Remember that disabling the virtual machine identity also removes the service principal from your Azure AD tenant.
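As an added example (not code from the original post), here is the same Azure CLI procedure driven from PowerShell, as you would run it in the Cloud Shell PowerShell experience or on any machine with both az and PowerShell installed. The placeholders and function names are my own. A small helper runs az with JSON output, turns the result into objects and stops the script on a non-zero exit code, so a permission error is not silently skipped. Note the difference from the PowerShell cmdlets: az vm identity remove defaults to the system-assigned identity only, so user-assigned identities on the VM are left untouched.

```powershell
# Added example, not from the original post: the Azure CLI commands driven from PowerShell.
# Replace the three placeholders below.
$subscriptionId    = "00000000-0000-0000-0000-000000000000"   # placeholder
$resourceGroupName = "rg-demo"                                # placeholder
$vmName            = "vm-demo"                                # placeholder

function Invoke-AzCli {
    # Runs az with JSON output, converts the result to objects and fails on a non-zero
    # exit code, so a typo or a permission error stops the script instead of being ignored.
    param([Parameter(ValueFromRemainingArguments = $true)][string[]]$CliArgs)
    $out = & az @CliArgs --output json 2>&1
    if ($LASTEXITCODE -ne 0) { throw "az $($CliArgs -join ' ') failed: $out" }
    if ($out) { return ($out | Out-String | ConvertFrom-Json) }
}

# Cloud Shell is already signed in; elsewhere, log in first. Then pin the subscription.
az account show --output none 2>$null
if ($LASTEXITCODE -ne 0) { az login | Out-Null }
Invoke-AzCli account set --subscription $subscriptionId | Out-Null

function Enable-VmSystemIdentityCli {
    param([string]$ResourceGroupName, [string]$Name)
    # With no --identities argument, 'az vm identity assign' enables the system-assigned
    # identity. The command returns the new principal ID as systemAssignedIdentity.
    $result = Invoke-AzCli vm identity assign --resource-group $ResourceGroupName --name $Name
    return $result.systemAssignedIdentity
}

function Get-VmIdentityReportCli {
    param([string]$ResourceGroupName, [string]$Name)
    $identity = Invoke-AzCli vm identity show --resource-group $ResourceGroupName --name $Name
    if (-not $identity -or -not $identity.principalId) {
        throw "No system-assigned identity is enabled on VM '$Name'."
    }
    # The principal ID is the object ID of the service principal in the tenant.
    $sp = Invoke-AzCli ad sp show --id $identity.principalId
    [pscustomobject]@{
        VM               = $Name
        IdentityType     = $identity.type
        PrincipalId      = $identity.principalId
        TenantId         = $identity.tenantId
        ServicePrincipal = $sp.displayName
        AppId            = $sp.appId
    }
}

function Disable-VmSystemIdentityCli {
    param([string]$ResourceGroupName, [string]$Name)
    $identity = Invoke-AzCli vm identity show --resource-group $ResourceGroupName --name $Name
    # 'az vm identity remove' defaults to the system-assigned identity ('[system]'), so
    # user-assigned identities stay. The service principal is deleted with the identity
    # and its role assignments are orphaned, so keep the principal ID for cleanup.
    Invoke-AzCli vm identity remove --resource-group $ResourceGroupName --name $Name | Out-Null
    return $identity.principalId
}

Enable-VmSystemIdentityCli -ResourceGroupName $resourceGroupName -Name $vmName | Out-Null
Get-VmIdentityReportCli   -ResourceGroupName $resourceGroupName -Name $vmName | Format-List

# To remove the identity again (and its service principal), run:
# Disable-VmSystemIdentityCli -ResourceGroupName $resourceGroupName -Name $vmName
```

As in the PowerShell version, the disable step is commented out; the script as written enables the identity and prints the VM's identity properties next to the service principal they map to.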

Thanks for reading my post. I hope you find it useful.

In the next post, I will show you how to assign a managed identity access to a resource using PowerShell and Azure CLI.

For more information about managed identities for Azure resources, check this link.