Overview of Managed Identities for Azure Resources
1h 41m

This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the identity services on offer within your enterprise. Learn how to improve the protection of your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course comprises 24 lectures, including demos, and is expertly instructed by one of our MS Azure subject matter experts.

Learning Objectives

  • Study and understand what Azure AD Domain Services do and what they can offer
  • Learn to create and manage hybrid identities via Azure AD Connect
  • Understand the principles of Azure MFA and SSO, and how to enable them
  • Recognize and deploy the key principles of Azure AD B2B and B2C
  • Learn and utilize Privileged Identity Management

Intended Audience

This course is intended for:

  • IT professionals who are interested in getting certified with MS Azure
  • Those looking to become Azure architects and/or tasked with designing identity management solutions

Prerequisites

  • A mid-range knowledge of MS Azure is recommended before starting this course
  • An understanding of identity management concepts

Related Training Content

For more courses related to MS Azure, visit our dedicated Content Training Library.

Managed Identities for Azure Resources is a feature of Azure Active Directory, and several Azure services support it. For those who build cloud applications, managing the credentials that code uses to authenticate to cloud services is a common challenge. It's critical to ensure credentials are kept secure. Preferably, credentials should never appear on a developer's workstation, nor should they ever be checked into source control. With Azure Key Vault, administrators have a way to securely store credentials. However, to be effective, the application code still needs to authenticate to Key Vault to retrieve the credentials stored there, which brings the original problem back. Enter Managed Identities for Azure Resources. Using the Managed Identities for Azure Resources feature in Azure AD solves this problem. It provides supported Azure services with an automatically managed identity in Azure AD that can be used to authenticate to any service that supports Azure AD authentication, without the need to store any credentials in code. Key Vault is one of the Azure services that is supported. Managed Identities for Azure Resources is a free feature that comes with all Azure AD editions. There are two types of managed identities to choose from.

They are the system-assigned managed identity and the user-assigned managed identity. A system-assigned managed identity is enabled directly on an Azure service instance. Once the identity has been enabled, Azure creates an identity for the instance in the Azure AD tenant that's trusted by the subscription of the instance. The credentials for the identity are provisioned onto the instance after the identity has been created. System-assigned identities are tied to the Azure service instances they are enabled on: deleting an instance with a system-assigned managed identity attached to it causes Azure to automatically clean up the credentials, along with the identity in Azure AD. A user-assigned managed identity is essentially a standalone Azure resource. Through a creation process, Azure creates the identity in the Azure AD tenant, and the subscription in use, in turn, trusts the identity. Once created, the identity can be assigned to one or more Azure service instances. Unlike a system-assigned managed identity, the lifecycle of a user-assigned identity is managed separately from that of the Azure service instance, or instances, to which it's been assigned. Application code can use managed identities to request access tokens for services that support Azure AD authentication, and Azure handles the rolling of the credentials used by the service instance.
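As an added illustration (not part of the course material), the following Python shows how application code on an Azure VM obtains a token from the platform's Instance Metadata Service (IMDS) endpoint without any stored secret, how the system-assigned and user-assigned cases differ only by a `client_id` parameter, and how the token is then presented to Key Vault. The sample IMDS response is constructed, the Key Vault API version is an assumption, and the live endpoint only answers from inside an Azure resource that has a managed identity.

```python
import json
import time
import urllib.parse

# Azure Instance Metadata Service (IMDS) token endpoint: the platform hands a
# token to the VM's managed identity, so no secret ever appears in the code.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"

# Constructed sample IMDS response (not a real token) so the module runs offline.
SAMPLE_RESPONSE = json.dumps({"access_token": "eyJ.example.token",
                              "expires_on": "1700003600",
                              "resource": "https://vault.azure.net",
                              "token_type": "Bearer"})


def build_token_request(resource, client_id=None):
    """Return (url, headers) for an IMDS token request.

    resource  -- audience of the token, e.g. "https://vault.azure.net"
    client_id -- given only for a user-assigned identity; when omitted, IMDS
                 answers with the instance's system-assigned identity.
    """
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # The Metadata header is mandatory; a request relayed through a browser
    # redirect cannot set custom headers, so it cannot mint a token this way.
    return url, {"Metadata": "true"}


def parse_token_response(body, now=None):
    """Extract the bearer token and refuse one that has already expired."""
    now = time.time() if now is None else now
    data = json.loads(body)
    expires_on = int(data["expires_on"])  # epoch seconds, sent as a string
    if expires_on <= now:
        raise ValueError("token already expired")
    return {"token": data["access_token"], "expires_on": expires_on,
            "seconds_left": expires_on - int(now)}


def key_vault_secret_request(vault_name, secret_name, token):
    """Build the authenticated Key Vault GET that the token unlocks."""
    url = "https://%s.vault.azure.net/secrets/%s?api-version=7.4" % (
        vault_name, urllib.parse.quote(secret_name))
    return url, {"Authorization": "Bearer " + token["token"]}
```

Because the token is short-lived and Azure rotates the underlying credential, code should re-request a token near expiry rather than cache it indefinitely.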

About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.