Virtual Geek

Tales from the real world of IT system administrators and non-production environments

How to view the service principal of a managed identity in the Azure portal, Powershell and AzureCLI

After enabling/deploying a managed identity (service principal) on VMs, one of my junior colleagues asked me where the service principal of a managed identity is stored. Basically, the managed identity's service principal (MSI) is a service account, and it is created under Azure Active Directory. After a few checks, the question came up again: where can she find the same information under AAD? For this, I provided the three methods below (Azure Portal, PowerShell and AzureCLI).

Part 1: Working With Azure Key Vault Using Azure PowerShell and AzureCLI
Part 2: Create a Virtual machine on Microsoft Azure
Part 3: Use a Azure VM system assigned managed identity to access Azure Key Vault

Azure Portal

Log in to the Microsoft Azure web portal and go to Azure Active Directory. From the navigation pane click Enterprise Applications, then under All applications set the Application Type filter to Managed Identities and click Apply. This lists all the managed identities. In my case I have only one managed identity service principal, and its name is identical to the Azure Virtual Machine name.

[Screenshot: Azure Active Directory > Enterprise Applications > All applications, filtered to Application Type = Managed Identities, showing the system-assigned managed identity service principal]

After clicking on the identity, you land on its Overview | Properties view. There are more options to configure from here.

[Screenshot: Enterprise application overview of the system-assigned identity service principal, with Properties, Users and groups, Self-service and Single sign-on options]

PowerShell AZ Module

Generally I use PowerShell a lot and prefer it over the portal, so the cmdlet below helps to retrieve the information of the system-assigned service principal identity. There are other service principals in the tenant, so I used the -DisplayNameBeginsWith parameter to filter the results down to the one I want to see.

❯  Get-AzADServicePrincipal -DisplayNameBeginsWith VM01

[Screenshot: Get-AzADServicePrincipal -DisplayNameBeginsWith output showing the service principal's DisplayName, ApplicationId and ObjectType for the Enterprise Application]


The Azure CLI command below is the alternative to the PowerShell command for getting the service principal information.

❯  az ad sp list --display-name <Azure resource name>
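Filtering by display name works when you know the VM name, but display names are not guaranteed to be unique, so when auditing which service principal a VM actually uses it is more reliable to follow the PrincipalId that the VM resource itself reports. The script below is an added example (not code from the original post) that does exactly that with the Az module, and also reproduces the portal's "Managed Identities" filter in PowerShell. It assumes Az.Accounts, Az.Compute and Az.Resources are installed, that Connect-AzAccount has already been run, and the names RG01 and VM01 are placeholders.

```powershell
# Added example, not from the original post. Resolves the service principal that
# backs a VM's system-assigned managed identity by object ID rather than by name.
# Assumes Az.Accounts, Az.Compute and Az.Resources are installed and that
# Connect-AzAccount has already been run. 'RG01' and 'VM01' are placeholders.

function Get-VMManagedIdentityServicePrincipal {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VMName
    )

    $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName

    # A VM without a system-assigned identity has no PrincipalId to look up.
    if (-not $vm.Identity -or -not $vm.Identity.PrincipalId) {
        throw "VM '$VMName' has no system-assigned managed identity (Identity.Type = '$($vm.Identity.Type)')."
    }

    # The PrincipalId on the VM is the object ID of the service principal in Azure AD,
    # so this lookup cannot be confused by another object with the same display name.
    $sp = Get-AzADServicePrincipal -ObjectId $vm.Identity.PrincipalId

    [PSCustomObject]@{
        VMName               = $vm.Name
        IdentityType         = $vm.Identity.Type
        PrincipalId          = $vm.Identity.PrincipalId
        ServicePrincipalName = $sp.DisplayName
        AppId                = $sp.AppId
        ServicePrincipalType = $sp.ServicePrincipalType
        AccountEnabled       = $sp.AccountEnabled
    }
}

# Lists every managed-identity service principal in the tenant: the same result
# as filtering Application Type to "Managed Identities" in the portal.
function Get-AllManagedIdentityServicePrincipals {
    Get-AzADServicePrincipal |
        Where-Object { $_.ServicePrincipalType -eq 'ManagedIdentity' } |
        Select-Object DisplayName, Id, AppId, AccountEnabled
}

# Usage with placeholder names:
Get-VMManagedIdentityServicePrincipal -ResourceGroupName 'RG01' -VMName 'VM01' | Format-List
Get-AllManagedIdentityServicePrincipals | Format-Table -AutoSize
```

The first function is the one to use when answering "which service principal does this VM run as": the PrincipalId on the VM resource and the Id of the service principal in Azure AD must match. The second function is useful for a periodic review of all managed identities in the tenant, for example to spot identities left behind after their VM was deleted; in a large tenant it enumerates every service principal, so expect it to take a while.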
