Is Azure Managed Identity enabled for Windows desktop app?

Question

I followed the instructions in this tutorial (option #1 auto-configure): https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-windows-desktop

The generated WPF desktop app works fine and I am able to get it to authenticate to my Azure AD account.

Does this mean that the desktop app is using Azure Managed Identity?

If not, what else do I have to do to accomplish this?

My ultimate goal is to be able to modify the desktop application and access secrets in Azure Key Vault, without having to hardcode credentials or use environment variables.

Answer 1

Does this mean that the desktop app is using Azure Managed Identity?

No, it does not mean that, the desktop app from this doc just uses an AAD App for you to login, nothing related to the managed identity(MSI).

If not, what else do I have to do to accomplish this?

If you want to use MSI to access secrets in azure keyvault, you need to run your code in azure services that supported MSI eg azure app service, azure VM, etc, MSI is not available anywhere else.

For the code, just use the Azure Key Vault secret client library for .NET , it uses DefaultAzureCredential to auth, it will try several auth ways automatically, one of them is ManagedIdentityCredential ie MSI.

var client = new SecretClient(vaultUri: new Uri(keyVaultUrl), credential: new DefaultAzureCredential());

Also you should note, when you use MSI to access azure keyvault secret, it is a non-interactive way and no user will be asked to login(ie no user involved), because MSI is essentially a service principal in AAD, when using it to auth, it just makes an API call to the azure instance metadata endpoint to get the token, then use the token to auth.