Managed identities in Azure eliminate the need for developers to manage credentials, providing a secure way for apps to authenticate with Azure resources. A managed identity is a special type of [[Service Principal]] that is always linked to an Azure resource.

- **Types of Managed Identities**:
  - **System-assigned**: Tied to the lifecycle of an Azure resource; automatically created and deleted with the resource.
  - **User-assigned**: Created as a standalone Azure resource; can be assigned to multiple instances.
- **Benefits**:
  - No need to rotate credentials or worry about expiring certificates.
  - Azure handles credential rotation and expiration.
  - Secure access to resources like Azure Key Vault without storing credentials in code.

Managed identities provide an identity for applications to use when connecting to resources that support [[Microsoft Entra ID]] authentication. When a managed identity is enabled, a service principal representing that managed identity is created in your tenant. Service principals representing managed identities can be granted access and permissions, but can't be updated or modified directly.

## Managed Identity Types

- [[System Assigned Managed Identity]]
- [[User Assigned Managed Identity]]

## Resources

[Design managed identities - Training | Microsoft Learn](https://learn.microsoft.com/en-us/training/modules/design-authentication-authorization-solutions/9-one-design-managed-identities)
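
Because every enabled managed identity appears as a service principal in the tenant, the two types can be inventoried from a service principal listing. The following is an added example, not part of the original note: it assumes records shaped like Microsoft Graph `servicePrincipal` objects (`servicePrincipalType`, `alternativeNames`), and the sample records, names and subscription IDs are constructed placeholders.

```python
import json

# Constructed sample shaped like Microsoft Graph servicePrincipal objects
# (for example from `az ad sp list --all`). All names and IDs are placeholders.
SAMPLE = json.loads("""
[
 {"displayName": "vm-web-01", "servicePrincipalType": "ManagedIdentity",
  "alternativeNames": ["isExplicit=False",
   "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm-web-01"]},
 {"displayName": "id-shared-kv-reader", "servicePrincipalType": "ManagedIdentity",
  "alternativeNames": ["isExplicit=True",
   "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-id/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-shared-kv-reader"]},
 {"displayName": "ci-deployer", "servicePrincipalType": "Application",
  "alternativeNames": []}
]
""")

# Resource type of a standalone (user-assigned) identity, compared in lower case.
USER_ASSIGNED = "/providers/microsoft.managedidentity/userassignedidentities/"

def classify(sp):
    """Return (kind, resource_id) for one service principal record.

    kind is 'system-assigned', 'user-assigned', 'unknown' (managed identity
    with no resource ID listed) or None when it is not a managed identity.
    """
    if sp.get("servicePrincipalType") != "ManagedIdentity":
        return None, None
    names = sp.get("alternativeNames") or []
    rid = next((n for n in names if n.lower().startswith("/subscriptions/")), None)
    if rid is None:
        return "unknown", None
    kind = "user-assigned" if USER_ASSIGNED in rid.lower() else "system-assigned"
    return kind, rid

def inventory(sps):
    """Map each managed identity's display name to its kind and linked resource."""
    out = {}
    for sp in sps:
        kind, rid = classify(sp)
        if kind:
            out[sp["displayName"]] = {"kind": kind, "resource": rid}
    return out

if __name__ == "__main__":
    for name, info in inventory(SAMPLE).items():
        print(f"{name}: {info['kind']} -> {info['resource']}")
```

User-assigned identities deserve the closer review in such an inventory, since one identity and its role assignments can be shared by several resources.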