Skip to main content

Create a Managed Identity

Hands-On Lab


Photo of Dan Sasse

Dan Sasse

Azure Training Architect II





Automation and Security go hand-in-hand in the Cloud services of today, and securely representing Azure Resources to the Authentication services that validate them is a common requirement.

In this hands-on lab, engineers create a User Assigned Managed Identity, deploy a virtual machine member server to Azure, and then attach the Managed Identity to it. In addition to utilizing the User Assigned Identity, a System Assigned Identity will also be enabled to demonstrate automation at work.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Create a Managed Identity

In this lab, we are tasked with building an Azure VM that can host code authenticated via both a User Assigned Managed identity and System Assigned Managed Identity. We will create a Managed Identity, deploy a Windows VM to Azure, and then associate the User Assigned Managed Identity to the VM, followed lastly by enabling the System Assigned Managed Identity. As this environment is administrated by a client, we will not be able to verify the Azure AD side of these objects.

Before We Begin

To get started, we need to log in to the Azure portal using the provided credentials. Once logged in, we can begin.

Create a User Assigned Managed Identity

To get started, we need to create a User Assigned Managed Identity. To do so, select the main menu, and from the choices, choose All Services. Here, choose Identity from the list. From here, select Managed Identities.

On the Managed Identities page, select Create managed identity. For the Resource Name, use MythicalUAMI001. Select the default Resource group and for the location, use West US. Once set, select Create.

Create and Deploy a Virtual Machine

With our User Assigned Managed Identity created, go back to the All Services page. Here, select Compute, Virtual machines, then Create virtual machine. Fill out the Basics page as follows, with all items not mentioned left as their defaults:

  • Subscription: Default
  • Resource group: Select the only option
  • Virtual machine name:MythicalVM001
  • Region: (US) West US
  • Image: Windows Server 2019
  • Size: Select Change size, select B2ms
  • Username: mythicaladmin
  • Password: Crystal1Montana!
  • Public inbound ports: None Once filled out, select Next, then again to get to the Networking page. On this page, set NIC network security group to Advanced. Select Next to go to the Management page. Here, set Boot Diagnostics to Off. With everything set, clickNext until we reach the Review + create page. Here, select Create. Once it's finished deploying, we can review it by selecting Go to resource.

Associate UAMI and enable SAMI

Now, to associate the UAMI and enable SAMI, go back to All services before selecting Identity. Here, select the User assigned tab and click User Assigned Managed Identity. On the sidebar that appears, select the MythicalUAMI001 resource group then select Add.

Go back to the System assigned tab. Here, change the Status to On, then click Save, and click Yes when prompted. This finishes the enabling of the System Assigned Managed Identity.


Upon finishing this lab, we are now able to create a User Assigned Managed Identity, then create and deploy a virtual machine, and then associate User Assigned Managed Identity and enable the System Assigned Managed Identity. Congratulations on completing this lab!