deploying azure function app that uses a system assigned managed identity
We have an azure function app that uses a system assigned managed identity to access resources.
I have not found a way to use this system assigned identity when deploying the function app via devops. e.g.
- deploy the function app.
- enable the system assigned identity.
- grant function app access to key vault with the system assigned managed identity.
is this a case where the system assigned identity simply does not work and i need to create one manually ?
First of all, if you want to deploy the function app via DevOps using managed identity created by the azure function, the answer is no.
See here:
You are required to use a self-hosted agent on an Azure VM in order to use managed service identity.
Follow the steps above if you want to use manage identity to integrate with DevOps.
A system-assigned managed identity is enabled directly on an Azure service instance. When the identity is enabled in your azure function app service instance, Azure creates an identity for the azure function app instance in the Azure AD tenant that's trusted by the subscription of the instance. After the identity is created, the credentials are provisioned onto the azure function app instance.
You can find it in Enterprise applications of AAD.
This application has nothing to do with the credentials required to deploy azure functions from DevOps.
The managed identity you create with the 'enable' button is mainly used to manage the access rights of the azure function app instance to other service instances in azure.
- Azure SQL trigger for Functions configuration problem
- Does azure blob storage support http2?
- Azure Pronunciation Assessment Could not deserialize speech context error
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How do I Parse FormData containing a audio file in AZ function app in 2025
- Not able to delete Public IP address in azure
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- Azure Storage accounts container public access level has dissabled
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- Getting an error when using the Flexible File Destination Task in Visual Studio 2022 SSIS
- Problem with Azure Email Communication Service Custom Domain
- How to refresh client assertion in ConfidentialClientApplication?
- Using Microsoft Graph Explorer (we have code too) we can GET All Subscriptions, but GET one by ID gives access error
- Invalid operands found for operator -eq
- nginx - php-fpm - azure container app returns truncated pages
- Adding custom headers to Azure Functions response
- Azure Queue Trigger is hit but not executing the logic inside of it
- az cli not showing redisenterprise keys
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- Azure Devops Server Pipelines: Any way to have a Stage result as "Succeeded" even if a constituent Job reported "SucceededWithIssues"?
- YAML strings including special characters % and & were not printed correctly for Windows environment
- Azure function returns error: No job functions found. Try making your job classes and methods public
- How to view Oldest Query results in Azure Monitor Metrics for an Azure PostgreSQL Flex Server instance
- Authenticate to Azure with certificate from Linux
- What are the minimum Azure permissions required to publish a Power BI report using "App Owns the Data"?
- How to report an Azure Text-to-Speech bug?
- Refresh an Azure search index
- Best way to clean up resources in StatefulService
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Query Azure SQL Database using Rest-API