Document Details
Modify Virtual Machine Identity
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
powershell_heavy
⚠️
windows_first
⚠️
missing_linux_example
Summary:
The documentation provides detailed instructions for using the Azure Portal and PowerShell (with Azure PowerShell cmdlets) to add user assigned identities to virtual machines. There are no examples or instructions for performing these tasks using cross-platform tools such as Azure CLI, nor are there any references to Linux shell environments or scripts. The PowerShell section is extensive and assumes the use of PowerShell, which is more commonly associated with Windows environments, and the documentation does not mention or demonstrate Linux-native workflows.
Recommendations:
- Add equivalent Azure CLI examples for all PowerShell commands, as Azure CLI is cross-platform and widely used on Linux and macOS.
- Explicitly mention that PowerShell Core is available on Linux and macOS if PowerShell must be used, and provide installation guidance or links.
- Include bash or shell script examples where appropriate, especially for file creation and command execution.
- Ensure that any references to tools or commands are balanced, presenting Azure CLI or REST API options alongside PowerShell.
- Review the documentation for terminology or instructions that assume a Windows environment and generalize them for cross-platform audiences.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-08-17 00:01 | #83 | in_progress | ✅ Clean |
| 2025-07-13 21:37 | #48 | completed | ✅ Clean |
| 2025-07-12 23:44 | #41 | in_progress | ❌ Biased |
Flagged Code Snippets
> [!NOTE]
> The definition MUST be assigned with enforcement mode disabled (DoNotEnforce) to prevent failures on newly created resources.
Replace _Subscription01_ with the name of your intended resource group.
The **Scope** parameter on `New-AzPolicyAssignment` works with management group, subscription,
resource group, or a single resource. The parameter uses a full resource path, which the
**ResourceId** property on `Get-AzResourceGroup` returns. The pattern for **Scope** for each
container is as follows. Replace `{rName}`, `{rgName}`, `{subId}`, and `{mgName}` with your
resource name, resource group name, subscription ID, and management group name, respectively.
`{rType}` would be replaced with the **resource type** of the resource, such as
`Microsoft.Compute/virtualMachines` for a VM.
- Resource - `/subscriptions/{subID}/resourceGroups/{rgName}/providers/{rType}/{rName}`
- Resource group - `/subscriptions/{subId}/resourceGroups/{rgName}`
- Subscription - `/subscriptions/{subId}`
- Management group - `/providers/Microsoft.Management/managementGroups/{mgName}`
1. After you create the policy assignment, you can create a remediation task that adds the identity to existing virtual machine and virtual machine scale sets resources by running the following command:
The command creates a policy definition named _Modify identities on existing VMs and VMSS_.
When called without location parameters, `New-AzPolicyDefinition` defaults to saving the policy
definition in the selected subscription of the session's context. To save the definition to a
different location, use the following parameters:
- **SubscriptionId** - Save to a different subscription. Requires a _GUID_ value.
- **ManagementGroupName** - Save to a management group. Requires a _string_ value.
1. After you create your policy definition, you can create a policy assignment by running the
following commands: