Search services uses a managed identity
March 21, 2025 ยท View on GitHub
SYNOPSIS
Configure managed identities to access Azure resources.
DESCRIPTION
AI Search (Previously known as Cognitive Search) may require connection to other Azure resources. Connections to Azure resources are required to use some features including indexing and customer managed-keys. AI Search can use managed identities to authenticate to Azure resources without storing credentials.
Using Azure managed identities have the following benefits:
- You don't need to store or manage credentials. Azure automatically generates tokens and performs rotation.
- You can use managed identities to authenticate to any Azure service that supports Entra ID authentication.
- Managed identities can be used without any additional cost.
RECOMMENDATION
Consider configuring a managed identity for each AI Search service. Also consider using managed identities to authenticate to related Azure services.
EXAMPLES
Configure with Azure template
To deploy AI Search services that pass this rule:
- Set the
identity.typeproperty toSystemAssigned.
For example:
{
"type": "Microsoft.Search/searchServices",
"apiVersion": "2022-09-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "standard"
},
"properties": {
"replicaCount": 3,
"partitionCount": 1,
"hostingMode": "default"
}
}
Configure with Bicep
To deploy AI Search Search services that pass this rule:
- Set the
identity.typeproperty toSystemAssigned.
For example:
resource search 'Microsoft.Search/searchServices@2022-09-01' = {
name: name
location: location
identity: {
type: 'SystemAssigned'
}
sku: {
name: 'standard'
}
properties: {
replicaCount: 3
partitionCount: 1
hostingMode: 'default'
}
}