General availability: Managed Service Identity for App Service and Azure Functions

Posted on Tuesday, June 26, 2018

Azure App Service and Azure Functions support of Managed Service Identity (MSI) is now generally available. MSI lets you securely connect to Azure Active Directory (Azure AD)–protected resources without needing to manage or rotate any secrets. If you need to work with a service that doesn’t support Azure AD, MSI makes it easy to work with Azure Key Vault for secure secret management.  

If you used the feature during preview, you might have noticed that turning MSI off in the portal, in the CLI, or in PowerShell just set an app setting: WEBSITE_DISABLE_MSI. This app setting disables the local token service but does not remove the identity itself. Going forward, the “off” indication will change the identity type to “None,” which will also remove the identity from Azure AD. The WEBSITE_DISABLE_MSI app setting will no longer be affected by the enablement/disablement behaviors. We encourage users to move away from this setting if possible, because your site will now show MSI as “on” even if this setting is present. 

For more information, see the documentation

Related feedback

See related feedback from Azure customers