Managed identity on automation account not working as expected

David Pereira 20 Reputation points
2025-02-26T11:51:06.7+00:00

I'm trying to use an Automation account to put some AVD hosts in Azure Local in drain so I can shut them down. I've configured a hybrid worker that is working with other runbooks, but when I try to connect to Azure using the managed identity of the hybrid worker I get the following error. If I check the ID in the warning in Entra, it says it belongs to an Enterprise application with the name of the hybrid worker VM. How can I ensure it uses the correct managed identity?


1 answer

  1. Ashok Gandhi Kotnana 3,715 Reputation points Microsoft Vendor
    2025-02-26T13:43:43.25+00:00

    Hi @David Pereira,

    Welcome to Microsoft Q&A Forum, thank you for posting your query here!

    In my test environment, I created a VM and set up an Automation Account. I then added the VM as a Hybrid Worker Node. After successfully adding the VM to the Automation Account as a Hybrid Worker, I assigned Contributor permissions to the Automation Account's managed identity.

    How to identify:

    Now, go to your VDI and check whether the identity is enabled. If it is enabled, navigate to your Enterprise Applications, copy the Object ID of the managed system identity, and verify whether the service principal and managed identity are the same. In this way you can identify it.

    The missing part here is the required permission. You need to grant Contributor access to the service principal for the managed identity of the VDI.

    [Image: VM Identity]

    [Image: Enterprise Application, verify here]

    Looks like it's a permission issue. Please ensure your managed identity has the necessary permissions to the Automation account and the worker node.

    Once you have enabled and provided this managed identity to the VDI, copy and paste the identity in IAM and provide that identity with Contributor access. Find the below screenshot; please provide it to the appropriate managed identity.

    Let us know if you have any further queries. I'm happy to assist you further.

    Please provide your valuable comments.

    Please do not forget to "Accept the answer" wherever the information provided helps you; this can be beneficial to other community members.

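The check described in the answer above (resolve the Object ID from the warning to its service principal, then confirm it holds the required role) can be scripted. This is an added example, not part of the original question or answer: the function name, object ID and scope are placeholders, and it assumes the Az.Accounts and Az.Resources modules and an operator session (`Connect-AzAccount`) that can read service principals and role assignments.

```powershell
# Added example with placeholder values; replace them before use.
# Assumes Az.Accounts / Az.Resources and an operator already signed in.

function Test-ManagedIdentityAccess {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $ObjectId,  # ID shown in the runbook warning
        [Parameter(Mandatory)] [string] $Scope,     # resource the runbook must manage
        [string] $RoleName = 'Contributor'          # role named in the answer
    )

    # Resolve the object ID to the service principal behind the
    # Enterprise application entry seen in Entra.
    $sp = Get-AzADServicePrincipal -ObjectId $ObjectId -ErrorAction Stop
    if (-not $sp) { throw "No service principal found for $ObjectId" }

    if ($sp.ServicePrincipalType -ne 'ManagedIdentity') {
        Write-Warning "'$($sp.DisplayName)' is of type '$($sp.ServicePrincipalType)', not a managed identity."
    }

    # Role assignments for this identity that are effective at the scope.
    $assignments = @(Get-AzRoleAssignment -ObjectId $ObjectId -Scope $Scope)
    $match = $assignments | Where-Object RoleDefinitionName -eq $RoleName

    [pscustomobject]@{
        DisplayName  = $sp.DisplayName
        ObjectId     = $sp.Id
        Type         = $sp.ServicePrincipalType
        RolesAtScope = $assignments.RoleDefinitionName -join ', '
        HasRole      = [bool]$match
    }
}

# Placeholder object ID and scope (constructed values).
$scope  = '/subscriptions/<subscription-id>/resourceGroups/<resource-group>'
$result = Test-ManagedIdentityAccess `
    -ObjectId '00000000-0000-0000-0000-000000000000' `
    -Scope $scope
$result | Format-List

if (-not $result.HasRole) {
    Write-Warning "Identity has no '$('Contributor')' assignment effective at $scope."
    # To grant the role the answer names, at this scope only:
    # New-AzRoleAssignment -ObjectId $result.ObjectId `
    #     -RoleDefinitionName 'Contributor' -Scope $scope
}
```

If `DisplayName` matches the hybrid worker VM and `HasRole` is false, the runbook is signing in as the worker's own identity and that identity is the one missing the role assignment.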
