Document Details

Disable Managed Identity For Automation
Home / Scan #41 / Disable Managed Identity For Automation
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
powershell_heavy
missing_linux_example
windows_tools
windows_first
Summary
The documentation provides only PowerShell-based examples and instructions for disabling a system-assigned managed identity via the REST API, assuming the use of Windows tools and workflows. There are no examples or guidance for performing the same task using Linux-native tools (such as curl, az CLI, or bash scripting), and the PowerShell approach is presented as the default method. This creates a bias towards Windows environments and users.
Recommendations
  • Add equivalent examples using Azure CLI (az rest) and/or curl for sending the PATCH request, with sample bash scripts.
  • Include instructions for authenticating and obtaining an access token on Linux/macOS (e.g., using az account get-access-token).
  • Present both PowerShell and Linux-native (bash/CLI) examples side by side, or clearly indicate that multiple platforms are supported.
  • Avoid assuming the use of PowerShell or Windows-specific cmdlets as the only method for interacting with Azure REST APIs.
  • Explicitly mention that the steps can be performed from any OS, and provide parity in tooling and instructions.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2025-07-12 23:44 #41 cancelled Biased Biased
2025-07-12 00:58 #8 cancelled Clean Clean
2025-07-10 05:06 #7 processing Clean Clean
2025-07-09 23:22 #6 cancelled Clean Clean

Flagged Code Snippets

    # build URI
    $URI = "https://management.azure.com/subscriptions/$subscriptionID/resourceGroups/$resourceGroup/providers/Microsoft.Automation/automationAccounts/$automationAccount`?api-version=2020-01-13-preview"
    
    # build body
    $body = Get-Content $file
    
    # obtain access token
    $azContext = Get-AzContext
    $azProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
    $profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($azProfile)
    $token = $profileClient.AcquireAccessToken($azContext.Subscription.TenantId)
    $authHeader = @{
        'Content-Type'='application/json'
        'Authorization'='Bearer ' + $token.AccessToken
    }
    
    # Invoke the REST API
    Invoke-RestMethod -Uri $URI -Method PATCH -Headers $authHeader -Body $body
    
    # Confirm removal
    (Get-AzAutomationAccount `
        -ResourceGroupName $resourceGroup `
        -Name $automationAccount).Identity.Type
    
    # Sign in to your Azure subscription
    $sub = Get-AzSubscription -ErrorAction SilentlyContinue
    if(-not($sub))
    {
        Connect-AzAccount
    }
    
    # If you have multiple subscriptions, set the one to use
    # Select-AzSubscription -SubscriptionId "<SUBSCRIPTIONID>"
    
    $subscriptionID = "subscriptionID"
    $resourceGroup = "resourceGroupName"
    $automationAccount = "automationAccountName"
    $file = "path\body_remove_sa.json"