Matthew Henderson - MSFT
Securing access between resources is an important part of modern cloud architectures, and we want to make that as simple as possible in Azure. Managed Service Identity (MSI) lets you securely connect to AAD-protected resources without needing to manage or rotate any secrets. If you need to work with a service that doesn't support AAD, MSI makes it easy to work with Azure Key Vault for secure secret management. This gives you secure access to resources without your application needing any bootstrapping secrets. Today, we are pleased to announce that App Service and Azure Functions support of MSI is now generally available! We are also lighting up support in Azure China, Azure Germany, and Azure Government. Users in those sovereign clouds can get started with the APIs today, and updates to the portal, CLI, and PowerShell for those environments will become available over the next few weeks. You can get started using MSI today using any app in App Service and Azure Functions by checking out our documentation. Be sure to also check out the new preview support in Visual Studio for using Key Vault with Connected Services. While Key Vault is the most common use case, MSI has also proven a powerful tool for automation tasks, allowing you to easily start working with Azure Resource Manager APIs. You can also connect directly to a variety of services including Azure SQL and Azure Service Bus. Please note that App Service on Linux and Web App for Containers do not yet support MSI. We are working on this and look forward to giving Linux users the same great turnkey identity story soon.