
How can I change the display name of a managed identity?


I created an Azure Policy which automatically performs actions on created resources. This in turn created a managed identity for these operations. Everything works great.

The necessary permissions for the managed identity are automatically assigned to the scope (subscription in my case). However, if you only see the permissions, you have no way of knowing what this managed identity is and why it exists. My idea would be to change the display name. Unfortunately, I don't see how.

How can I change the display name (in red) of the application? Is there a different way to make it more clear to others why this assignment exists on the given scope?

I tried changing the name via Azure CLI, but seem to have no permissions, even though I own the directory. I can change the name of other enterprise applications.

az ad sp update --id 4bf9bdf0-5a67-45a7-b580-566d63b4a652 --set appDisplayName="AzurePolicy"
Insufficient privileges to complete the operation.


Solution

  • My current best guess for a workaround answer would be to create a custom role which should only be used by my policy definition. I can then give it exactly the permissions it requires - and I can give the role a name. However, I would prefer a solution with less management involved, since it would also require me to create all policies instead of reusing existing ones.

    Update: As of August 2021, you can use user-assigned managed identities for Azure Policy, which can have a good name (and tags) to make things much more transparent. The name of a system-assigned managed identity is still cryptic and cannot be changed.
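The workflow the update describes, as an added example that is not part of the original answer: create a user-assigned identity with a descriptive name and purpose tags, grant it only the role the policy's remediation needs, and create the policy assignment with that identity. Resource names, the scope, the policy definition and the role are assumed placeholders; set `AZ=echo` to print the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the question or its answer): give an Azure Policy
# assignment a named, tagged user-assigned managed identity instead of a
# system-assigned one whose display name cannot be changed.
# All resource names, the scope, the policy and the role below are assumed placeholders.
set -eu

AZ="${AZ:-az}"                    # set AZ=echo to print the commands without running them
RESOURCE_GROUP="rg-policy-identities"             # assumed
LOCATION="westeurope"                             # assumed
IDENTITY_NAME="id-azurepolicy-tag-remediation"    # assumed; this is the name others will see
ASSIGNMENT_NAME="inherit-tags-from-rg"            # assumed
POLICY_DEFINITION="<policy-definition-name-or-id>"  # placeholder
SCOPE="/subscriptions/<subscription-id>"            # placeholder
ROLE="Tag Contributor"            # assumed: the least-privilege role the remediation needs

# 1. Create the identity with a name and tags that explain why it exists.
create_identity() {
  "$AZ" identity create --name "$IDENTITY_NAME" --resource-group "$RESOURCE_GROUP" \
    --location "$LOCATION" \
    --tags "purpose=AzurePolicy remediation" "policyAssignment=$ASSIGNMENT_NAME"
}

# Read one field (id or principalId) of the identity.
identity_field() {
  "$AZ" identity show --name "$IDENTITY_NAME" --resource-group "$RESOURCE_GROUP" \
    --query "$1" -o tsv
}

# 2. Grant only the role the policy's deployIfNotExists/modify effect needs,
#    on the scope the policy is assigned to. $1 = principalId of the identity.
grant_role() {
  "$AZ" role assignment create --assignee-object-id "$1" \
    --assignee-principal-type ServicePrincipal --role "$ROLE" --scope "$SCOPE"
}

# 3. Assign the policy using that identity rather than a system-assigned one.
#    $1 = resource id of the identity.
assign_policy() {
  "$AZ" policy assignment create --name "$ASSIGNMENT_NAME" --policy "$POLICY_DEFINITION" \
    --scope "$SCOPE" --location "$LOCATION" --mi-user-assigned "$1"
}

main() {
  create_identity >/dev/null
  grant_role "$(identity_field principalId)"
  assign_policy "$(identity_field id)"
}

# Run only when explicitly asked, so the functions can be sourced or dry-run first.
if [ "${1:-}" = "--apply" ]; then main; fi
```

Existing resources are not fixed retroactively by the assignment alone; a remediation task still has to be created for them, and the identity's name and tags then show up wherever its role assignment is listed.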