From 7537334e2cb20696feaa1436003bb4ac4a0e5267 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Wed, 12 Feb 2025 18:21:49 +0100 Subject: [PATCH] a --- src/pentesting-cloud/azure-security/az-services/vms/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/pentesting-cloud/azure-security/az-services/vms/README.md b/src/pentesting-cloud/azure-security/az-services/vms/README.md index caf3fed0f..5dd48d488 100644 --- a/src/pentesting-cloud/azure-security/az-services/vms/README.md +++ b/src/pentesting-cloud/azure-security/az-services/vms/README.md @@ -205,6 +205,8 @@ The Azure Instance Metadata Service (IMDS) **provides information about running Moreover, to contact the metadata endpoint, the HTTP request must have the header **`Metadata: true`** and must not have the header **`X-Forwarded-For`**. +When requesting an access token to the metadata endpoint, by default the metadata service will use the **system assigned managed identity** to generate the token, if there is any system assigned managed identity. In case there is just **ONE user assigned managed identity**, then this will be used by default. However, in case there is no system assigned managed identity and there are **multiple user assigned managed identities**, then the metadata service will return an error indicating that there are multiple managed identities and it's necessary to **specify which one to use**. + Check how to enumerate it in: {{#ref}}
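Review bot: the last sentence of the added paragraph says it is necessary to "specify which one to use" when several user assigned managed identities are attached, but it does not say how, so a reader who hits that error has no next step. Name the selector on the token request there (IMDS accepts `client_id`, `object_id` or `msi_res_id` as a query parameter) and note that the same selector is what returns a user assigned identity's token when a system assigned one is also present, since the default described in the first sentence would otherwise win. Two smaller points: "an access token to the metadata endpoint" reads better as "an access token from the metadata endpoint", and the subject line "a" says nothing about the change; something like "Document default managed identity selection in IMDS" would make the history searchable.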