Alex

Reputation: 18546

How can I change the display name of a managed identity?

I created an Azure Policy which automatically performs actions on created resources. This in turn created a managed identity for these operations. Everything works great.

The necessary permissions for the managed identity are automatically assigned to the scope (subscription in my case). However, if you only see the permissions, you have no way of knowing what this managed identity is and why it exists. My idea would be to change the display name. Unfortunately, I don't see how.

How can I change the display name (in red) of the application? Is there a different way to make it more clear to others why this assignment exists on the given scope?

I tried changing the name via Azure CLI, but seem to have no permissions, even though I own the directory. I can change the name of other enterprise applications.

az ad sp update --id 4bf9bdf0-5a67-45a7-b580-566d63b4a652 --set appDisplayName="AzurePolicy"
Insufficient privileges to complete the operation.


Upvotes: 1

Views: 3167

Answers (2)

D_Zab

Reputation: 735

The managed identity created by an Azure Policy matches the name of the policy assignment.

When creating policy assignments from the portal, this name is generated for you, so the managed identity will always have a random name. However, if you use a code-based solution to create/manage your policies then you can customize the name of the assignment and the resultant managed identity.

There is a 24-character limit on policy assignment names, so this then applies to the managed identity name as well.

For anyone who is curious, you can use Terraform to manage policies, or something like Enterprise Policy as Code.

Upvotes: 0

Alex

Reputation: 18546

My current best guess for a workaround answer would be to create a custom role which should only be used by my policy definition. I can then give it exactly the permissions it requires - and I can give the role a name. However, I would prefer a solution with less management involved, since it would also require me to create all policies instead of reusing existing ones.

Update: As of August 2021, you can use user-assigned managed identities for Azure Policy, which can have a good name (and tags) to make things much more transparent. The name of a system-assigned managed identity is still cryptic and cannot be changed.

Upvotes: 1
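Both points above (naming the assignment in code, and the user-assigned identity option) can be shown in one Terraform configuration. This is an added example, not code from either poster; the resource group name, identity name, tags, assignment name and the choice of the "Tag Contributor" role are assumptions, and the built-in definition is looked up by its display name rather than by ID.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_subscription" "current" {}

# Built-in definition resolved by display name (assumed to exist in the tenant).
data "azurerm_policy_definition" "inherit_tag" {
  display_name = "Inherit a tag from the resource group if missing"
}

resource "azurerm_resource_group" "policy" {
  name     = "rg-policy-identities" # assumed name
  location = "westeurope"
}

# User-assigned identity: the name and tags say what it is for,
# which a system-assigned identity's generated name cannot.
resource "azurerm_user_assigned_identity" "tag_remediation" {
  name                = "id-policy-tag-remediation" # assumed name
  resource_group_name = azurerm_resource_group.policy.name
  location            = azurerm_resource_group.policy.location
  tags = {
    purpose = "Azure Policy remediation: inherit 'owner' tag"
    owner   = "platform-team"
  }
}

# Unlike a system-assigned identity, the role must be granted explicitly.
# "Tag Contributor" is an assumption; grant whatever the definition's
# roleDefinitionIds actually require and nothing more.
resource "azurerm_role_assignment" "tag_remediation" {
  scope                = data.azurerm_subscription.current.id
  role_definition_name = "Tag Contributor"
  principal_id         = azurerm_user_assigned_identity.tag_remediation.principal_id
}

# Assignment name chosen in code (kept within the 24-character limit).
resource "azurerm_subscription_policy_assignment" "inherit_owner_tag" {
  name                 = "inherit-owner-tag"
  display_name         = "Inherit 'owner' tag from resource group"
  subscription_id      = data.azurerm_subscription.current.id
  policy_definition_id = data.azurerm_policy_definition.inherit_tag.id
  location             = azurerm_resource_group.policy.location # required with an identity

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.tag_remediation.id]
  }

  parameters = jsonencode({
    tagName = { value = "owner" }
  })

  # Make sure the role exists before remediation tasks try to use the identity.
  depends_on = [azurerm_role_assignment.tag_remediation]
}
```

With this in place, the role assignment visible at subscription scope is attached to a principal whose name and tags explain its purpose, and the assignment name is one you picked rather than a generated one. Reviewing the assignment later is also simpler: the identity's role grant is a single resource in code, so any widening of it shows up in a plan.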
