{
	"id": "19f4c779-fd73-4154-b72f-9852ebfbde38",
	"created_at": "2026-04-06T15:53:38.605309Z",
	"updated_at": "2026-04-10T13:12:18.395848Z",
	"deleted_at": null,
	"sha1_hash": "0c5a2c1640ef7e29d0877e6b160f98d55c2100b8",
	"title": "Use managed identities on a virtual machine to acquire access token - Managed identities for Azure resources",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 126970,
	"plain_text": "Use managed identities on a virtual machine to acquire access\r\ntoken - Managed identities for Azure resources\r\nBy kengaderdus\r\nArchived: 2026-04-06 15:16:28 UTC\r\nManaged identities for Azure resources provide Azure services with an automatically managed identity in\r\nMicrosoft Entra ID. You can use this identity to authenticate to any service that supports Microsoft Entra\r\nauthentication, without having credentials in your code.\r\nThis article provides various code and script examples for token acquisition. It also contains guidance about\r\nhandling token expiration and HTTP errors.\r\nIf you're not familiar with the managed identities for Azure resources feature, see this overview. If you\r\ndon't have an Azure account, sign up for a free account before you continue.\r\nIf you plan to use the Azure PowerShell examples in this article, be sure to install the latest version of Azure\r\nPowerShell.\r\nImportant\r\nAll sample code/script in this article assumes the client is running on a virtual machine with managed\r\nidentities for Azure resources. Use the virtual machine \"Connect\" feature in the Azure portal, to remotely\r\nconnect to your VM. For details on enabling managed identities for Azure resources on a VM, see\r\nConfigure managed identities for Azure resources on a VM using the Azure portal, or one of the variant\r\narticles (using PowerShell, CLI, a template, or an Azure SDK).\r\nImportant\r\nThe security boundary of managed identities for Azure resources is the resource where the identity is used.\r\nAll code/scripts running on a virtual machine can request and retrieve tokens for any managed identities\r\navailable on it.\r\nA client application can request a managed identity app-only access token to access a given resource. The token is\r\nbased on the managed identities for Azure resources service principal. As such, there's no need for the client to\r\nobtain an access token under its own service principal. The token is suitable for use as a bearer token in service-to-service calls requiring client credentials.\r\nLink Description\r\nGet a token using HTTP Protocol details for managed identities for Azure resources token endpoint\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 1 of 13\n\nLink Description\r\nGet a token using\r\nAzure.Identity\r\nExample of using managed identities for Azure resources REST endpoint from\r\na C# client using Azure.Identity\r\nGet a token using C#\r\nExample of using managed identities for Azure resources REST endpoint from\r\na C# client using HttpClient\r\nGet a token using Java\r\nExample of using managed identities for Azure resources REST endpoint from\r\na Java client\r\nGet a token using Go\r\nExample of using managed identities for Azure resources REST endpoint from\r\na Go client\r\nGet a token using\r\nPowerShell\r\nExample of using managed identities for Azure resources REST endpoint from\r\na PowerShell client\r\nGet a token using CURL\r\nExample of using managed identities for Azure resources REST endpoint from\r\na Bash/CURL client\r\nHandling token caching Guidance for handling expired access tokens\r\nError handling\r\nGuidance for handling HTTP errors returned from the managed identities for\r\nAzure resources token endpoint\r\nResource IDs for Azure\r\nservices\r\nWhere to get resource IDs for supported Azure services\r\nThe fundamental interface for acquiring an access token is based on REST, making it accessible to any client\r\napplication running on the VM that can make HTTP REST calls. This approach is similar to the Microsoft Entra\r\nprogramming model, except the client uses an endpoint on the virtual machine (vs a Microsoft Entra endpoint).\r\nSample request using the Azure Instance Metadata Service (IMDS) endpoint (recommended):\r\nGET 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01\u0026resource=https://management.a\r\nElement Description\r\nGET\r\nThe HTTP verb, indicating you want to\r\nretrieve data from the endpoint. In this case,\r\nan OAuth access token.\r\nhttp://169.254.169.254/metadata/identity/oauth2/token\r\nThe managed identities for Azure resources\r\nendpoint for the Instance Metadata Service.\r\napi-version A query string parameter, indicating the API\r\nversion for the IMDS endpoint. Use API\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 2 of 13\n\nElement Description\r\nversion 2018-02-01 or greater.\r\nresource\r\nA query string parameter, indicating the App\r\nID URI of the target resource. It also appears\r\nin the aud (audience) claim of the issued\r\ntoken. This example requests a token to\r\naccess Azure Resource Manager, which has\r\nan App ID URI of\r\nhttps://management.azure.com/ .\r\nMetadata\r\nAn HTTP request header field required by\r\nmanaged identities. This information is used\r\nas a mitigation against server side request\r\nforgery (SSRF) attacks. This value must be\r\nset to \"true\", in all lower case.\r\nobject_id\r\n(Optional) A query string parameter,\r\nindicating the object_id of the managed\r\nidentity you would like the token for.\r\nRequired, if your VM has multiple user-assigned managed identities.\r\nclient_id\r\n(Optional) A query string parameter,\r\nindicating the client_id of the managed\r\nidentity you would like the token for.\r\nRequired, if your VM has multiple user-assigned managed identities.\r\nmsi_res_id\r\n(Optional) A query string parameter,\r\nindicating the msi_res_id (Azure Resource\r\nID) of the managed identity you would like\r\nthe token for. Required, if your VM has\r\nmultiple user-assigned managed identities.\r\nSample response:\r\nHTTP/1.1 200 OK\r\nContent-Type: application/json\r\n{\r\n \"access_token\": \"eyJ0eXAi...\",\r\n \"refresh_token\": \"\",\r\n \"expires_in\": \"3599\",\r\n \"expires_on\": \"1506484173\",\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 3 of 13\n\n\"not_before\": \"1506480273\",\r\n \"resource\": \"https://management.azure.com/\",\r\n \"token_type\": \"Bearer\"\r\n}\r\nElement Description\r\naccess_token\r\nThe requested access token. When you call a secured REST API, the token is embedded\r\nin the Authorization request header field as a \"bearer\" token, allowing the API to\r\nauthenticate the caller.\r\nrefresh_token Not used by managed identities for Azure resources.\r\nexpires_in\r\nThe number of seconds the access token continues to be valid, before expiring, from time\r\nof issuance. Time of issuance can be found in the token's iat claim.\r\nexpires_on\r\nThe timespan when the access token expires. The date is represented as the number of\r\nseconds from \"1970-01-01T0:0:0Z UTC\" (corresponds to the token's exp claim).\r\nnot_before\r\nThe timespan when the access token takes effect, and can be accepted. The date is\r\nrepresented as the number of seconds from \"1970-01-01T0:0:0Z UTC\" (corresponds to\r\nthe token's nbf claim).\r\nresource\r\nThe resource the access token was requested for, which matches the resource query\r\nstring parameter of the request.\r\ntoken_type\r\nThe type of token, which is a \"Bearer\" access token, which means the resource can give\r\naccess to the bearer of this token.\r\nUsing the Azure Identity client library is the recommended way to use managed identities. Complete the following\r\nsteps:\r\n1. Install the Azure.Identity package and other required Azure SDK library packages, such as\r\nAzure.Security.KeyVault.Secrets.\r\n2. Use the sample code below. You don't need to worry about getting tokens. You can directly use the Azure\r\nSDK clients. The code is for demonstrating how to get the token, if you need to.\r\nusing Azure.Core;\r\nusing Azure.Identity;\r\nusing Azure.Security.KeyVault.Secrets;\r\nManagedIdentityCredential credential = new(\r\n ManagedIdentityId.FromUserAssignedClientId(\"\u003cmanaged_identity_client_ID\u003e\"));\r\n// Option 1: Explicit token acquisition. Manually fetch the token and convert to a string, if necessary.\r\nAccessToken accessToken = await credential.GetTokenAsync(\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 4 of 13\n\nnew TokenRequestContext([\"https://vault.azure.net\"]));\r\nstring accessTokenString = accessToken.Token;\r\n// Option 2: Implicit token acquisition. Pass the credential object to the Azure service client construct\r\n// Token acquisition is triggered on the GetSecretAsync method call.\r\nSecretClient client = new(new Uri(\"https://myvault.vault.azure.net/\"), credential);\r\nKeyVaultSecret secret = await client.GetSecretAsync(\"MySecret\");\r\nFor more information, see Use a user-assigned managed identity and Use a system-assigned managed identity.\r\nusing System;\r\nusing System.Net.Http;\r\nusing Newtonsoft.Json.Linq;\r\n// Construct HttpClient\r\nvar httpClient = new HttpClient\r\n{\r\n DefaultRequestHeaders =\r\n {\r\n { \"Metadata\", Boolean.TrueString }\r\n }\r\n};\r\n// Construct URI to call\r\nvar resource = \"https://management.azure.com/\";\r\nvar uri = $\"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01\u0026resource={resource}\";\r\n// Make call\r\nvar response = await httpClient.GetAsync(uri);\r\ntry\r\n{\r\n response.EnsureSuccessStatusCode();\r\n}\r\ncatch (HttpRequestException)\r\n{\r\n var error = await response.Content.ReadAsStringAsync();\r\n Console.WriteLine(error);\r\n throw;\r\n}\r\n// Parse response using Newtonsoft.Json\r\nvar content = await response.Content.ReadAsStringAsync();\r\nvar obj = JObject.Parse(content);\r\nvar accessToken = obj[\"access_token\"];\r\nConsole.WriteLine(accessToken);\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 5 of 13\n\nUse this JSON library to retrieve a token using Java.\r\nimport java.io.*;\r\nimport java.net.*;\r\nimport com.fasterxml.jackson.core.*;\r\n \r\nclass GetMSIToken {\r\n public static void main(String[] args) throws Exception {\r\n \r\n URL msiEndpoint = new URL(\"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01\u0026\r\n HttpURLConnection con = (HttpURLConnection) msiEndpoint.openConnection();\r\n con.setRequestMethod(\"GET\");\r\n con.setRequestProperty(\"Metadata\", \"true\");\r\n \r\n if (con.getResponseCode()!=200) {\r\n throw new Exception(\"Error calling managed identity token endpoint.\");\r\n }\r\n \r\n InputStream responseStream = con.getInputStream();\r\n \r\n JsonFactory factory = new JsonFactory();\r\n JsonParser parser = factory.createParser(responseStream);\r\n \r\n while(!parser.isClosed()){\r\n JsonToken jsonToken = parser.nextToken();\r\n \r\n if(JsonToken.FIELD_NAME.equals(jsonToken)){\r\n String fieldName = parser.getCurrentName();\r\n jsonToken = parser.nextToken();\r\n \r\n if(\"access_token\".equals(fieldName)){\r\n String accesstoken = parser.getValueAsString();\r\n System.out.println(\"Access Token: \" + accesstoken.substring(0,5)+ \"...\" + accesstoken.substr\r\n return;\r\n }\r\n }\r\n }\r\n }\r\n}\r\npackage main\r\nimport (\r\n \"fmt\"\r\n \"io/ioutil\"\r\n \"net/http\"\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 6 of 13\n\n\"net/url\"\r\n \"encoding/json\"\r\n)\r\ntype responseJson struct {\r\n AccessToken string `json:\"access_token\"`\r\n RefreshToken string `json:\"refresh_token\"`\r\n ExpiresIn string `json:\"expires_in\"`\r\n ExpiresOn string `json:\"expires_on\"`\r\n NotBefore string `json:\"not_before\"`\r\n Resource string `json:\"resource\"`\r\n TokenType string `json:\"token_type\"`\r\n}\r\nfunc main() {\r\n \r\n // Create HTTP request for a managed services for Azure resources token to access Azure Resource Manager\r\n var msi_endpoint *url.URL\r\n msi_endpoint, err := url.Parse(\"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01\r\n if err != nil {\r\n fmt.Println(\"Error creating URL: \", err)\r\n return\r\n }\r\n msi_parameters := msi_endpoint.Query()\r\n msi_parameters.Add(\"resource\", \"https://management.azure.com/\")\r\n msi_endpoint.RawQuery = msi_parameters.Encode()\r\n req, err := http.NewRequest(\"GET\", msi_endpoint.String(), nil)\r\n if err != nil {\r\n fmt.Println(\"Error creating HTTP request: \", err)\r\n return\r\n }\r\n req.Header.Add(\"Metadata\", \"true\")\r\n // Call managed services for Azure resources token endpoint\r\n client := \u0026http.Client{}\r\n resp, err := client.Do(req)\r\n if err != nil{\r\n fmt.Println(\"Error calling token endpoint: \", err)\r\n return\r\n }\r\n // Pull out response body\r\n responseBytes,err := ioutil.ReadAll(resp.Body)\r\n defer resp.Body.Close()\r\n if err != nil {\r\n fmt.Println(\"Error reading response body : \", err)\r\n return\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 7 of 13\n\n}\r\n // Unmarshall response body into struct\r\n var r responseJson\r\n err = json.Unmarshal(responseBytes, \u0026r)\r\n if err != nil {\r\n fmt.Println(\"Error unmarshalling the response:\", err)\r\n return\r\n }\r\n // Print HTTP response and marshalled response body elements to console\r\n fmt.Println(\"Response status:\", resp.Status)\r\n fmt.Println(\"access_token: \", r.AccessToken)\r\n fmt.Println(\"refresh_token: \", r.RefreshToken)\r\n fmt.Println(\"expires_in: \", r.ExpiresIn)\r\n fmt.Println(\"expires_on: \", r.ExpiresOn)\r\n fmt.Println(\"not_before: \", r.NotBefore)\r\n fmt.Println(\"resource: \", r.Resource)\r\n fmt.Println(\"token_type: \", r.TokenType)\r\n}\r\nThe following example demonstrates how to use the managed identities for Azure resources REST endpoint from\r\na PowerShell client to:\r\n1. Acquire an access token.\r\n2. Use the access token to call an Azure Resource Manager REST API and get information about the VM. Be\r\nsure to substitute your subscription ID, resource group name, and virtual machine name for\r\n\u003cSUBSCRIPTION-ID\u003e , \u003cRESOURCE-GROUP\u003e , and \u003cVM-NAME\u003e , respectively.\r\nInvoke-RestMethod -Method GET -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-0\r\nExample of how to parse the access token from the response:\r\n# Get an access token for managed identities for Azure resources\r\n$resource = 'https://management.azure.com'\r\n$response = Invoke-RestMethod -Method GET `\r\n -Uri \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01\u0026r\r\n -Headers @{ Metadata=\"true\" }\r\n$accessToken = $response.access_token\r\nWrite-Host \"Access token using a User-Assigned Managed Identity is $accessToken\"\r\n# Use the access token to get resource information for the VM\r\n$secureToken = $accessToken | ConvertTo-SecureString -AsPlainText\r\n$vmInfoRest = Invoke-RestMethod -Method GET `\r\n -Uri 'https://management.azure.com/subscriptions/\u003cSUBSCRIPTION-ID\u003e/resourceGroups/\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 8 of 13\n\n-ContentType 'application/json' `\r\n -Authentication Bearer `\r\n -Token $secureToken\r\nWrite-Host \"JSON returned from call to get VM info: $($vmInfoRest.content)\"\r\ncurl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01\u0026resource=https%3A%2F%2Fmanag\r\nExample of how to parse the access token from the response:\r\nresponse=$(curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01\u0026resource=https%3A\r\naccess_token=$(echo $response | python -c 'import sys, json; print (json.load(sys.stdin)[\"access_token\"])')\r\necho Access token using a User-Assigned Managed Identity is $access_token\r\nThe managed identities subsystem caches tokens but we still recommend that you implement token caching in\r\nyour code. You should prepare for scenarios where the resource indicates that the token is expired.\r\nOn-the-wire calls to Microsoft Entra ID result only when:\r\nCache miss occurs due to no token in the managed identities for Azure resources subsystem cache.\r\nThe cached token is expired.\r\nThe managed identities endpoint signals errors via the status code field of the HTTP response message header, as\r\neither 4xx or 5xx errors:\r\nStatus Code Error Reason How To Handle\r\n404 Not found. IMDS endpoint is updating.\r\nRetry with Exponential Backoff. See guidance\r\nbelow.\r\n410 IMDS is going through updates IMDS will be available within 70 seconds\r\n429 Too many\r\nrequests.\r\nIMDS Throttle limit reached.\r\nRetry with Exponential Backoff. See guidance\r\nbelow.\r\n4xx Error in\r\nrequest.\r\nOne or more of the request\r\nparameters was incorrect.\r\nDon't retry. Examine the error details for more\r\ninformation. 4xx errors are design-time errors.\r\n5xx Transient\r\nerror from\r\nservice.\r\nThe managed identities for Azure\r\nresources subsystem or Microsoft\r\nEntra ID returned a transient error.\r\nIt's safe to retry after waiting for at least 1 second.\r\nIf you retry too quickly or too often, IMDS and/or\r\nMicrosoft Entra ID may return a rate limit error\r\n(429).\r\ntime out IMDS endpoint is updating.\r\nRetry with Exponential Backoff. See guidance\r\nlater.\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 9 of 13\n\nIf an error occurs, the corresponding HTTP response body contains JSON with the error details:\r\nElement Description\r\nerror Error identifier.\r\nerror_description\r\nVerbose description of error. Error descriptions can change at any time. Do not write\r\ncode that branches based on values in the error description.\r\nThis section documents the possible error responses. A \"200 OK\" status is a successful response, and the access\r\ntoken is contained in the response body JSON, in the access_token element.\r\nStatus code Error\r\nError\r\nDescription\r\nSolution\r\n400 Bad\r\nRequest\r\ninvalid_resource\r\nAADSTS50001:\r\nThe application\r\nnamed \u003cURI\u003e\r\nwasn't found in\r\nthe tenant\r\nnamed\r\n\u003cTENANT-ID\u003e.\r\nThis message\r\nshows if the\r\ntenant\r\nadministrator\r\nhasn't installed\r\nthe application\r\nor no tenant\r\nuser consented\r\nto it. You might\r\nhave sent your\r\nauthentication\r\nrequest to the\r\nwrong tenant.\\\r\n(Linux only)\r\n400 Bad\r\nRequest\r\nbad_request_102\r\nRequired\r\nmetadata header\r\nnot specified\r\nEither the Metadata request header field\r\nis missing from your request, or is\r\nformatted incorrectly. The value must be\r\nspecified as true , in all lower case. See\r\nthe \"Sample request\" in the preceding\r\nREST section for an example.\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 10 of 13\n\nStatus code Error\r\nError\r\nDescription\r\nSolution\r\n401\r\nUnauthorized\r\nunknown_source\r\nUnknown\r\nSource \u003cURI\u003e\r\nVerify that your HTTP GET request URI\r\nis formatted correctly. The\r\nscheme:host/resource-path portion\r\nmust be specified as\r\nhttp://localhost:50342/oauth2/token .\r\nSee the \"Sample request\" in the preceding\r\nREST section for an example.\r\ninvalid_request\r\nThe request is\r\nmissing a\r\nrequired\r\nparameter,\r\nincludes an\r\ninvalid\r\nparameter value,\r\nincludes a\r\nparameter more\r\nthan once, or is\r\notherwise\r\nmalformed.\r\nunauthorized_client\r\nThe client isn't\r\nauthorized to\r\nrequest an\r\naccess token\r\nusing this\r\nmethod.\r\nCaused by a request on a VM that doesn't\r\nhave managed identities for Azure\r\nresources configured correctly. See\r\nConfigure managed identities for Azure\r\nresources on a VM using the Azure portal\r\nif you need assistance with VM\r\nconfiguration.\r\naccess_denied\r\nThe resource\r\nowner or\r\nauthorization\r\nserver denied\r\nthe request.\r\nunsupported_response_type The\r\nauthorization\r\nserver doesn't\r\nsupport\r\nobtaining an\r\naccess token\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 11 of 13\n\nStatus code Error\r\nError\r\nDescription\r\nSolution\r\nusing this\r\nmethod.\r\ninvalid_scope\r\nThe requested\r\nscope is invalid,\r\nunknown, or\r\nmalformed.\r\n500 Internal\r\nserver error\r\nunknown\r\nFailed to\r\nretrieve token\r\nfrom the Active\r\ndirectory. For\r\ndetails see logs\r\nin \u003cfile path\u003e\r\nVerify that the VM has managed\r\nidentities for Azure resources enabled.\r\nSee Configure managed identities for\r\nAzure resources on a VM using the Azure\r\nportal if you need assistance with VM\r\nconfiguration.\r\nAlso verify that your HTTP GET request\r\nURI is formatted correctly, particularly\r\nthe resource URI specified in the query\r\nstring. See the \"Sample request\" in the\r\npreceding REST section for an example,\r\nor Azure services that support Microsoft\r\nEntra authentication for a list of services\r\nand their respective resource IDs.\r\nImportant\r\nIMDS isn't intended to be used behind a proxy and doing so is unsupported. For examples of how to bypass\r\nproxies, refer to the Azure Instance Metadata Samples.\r\nRetry if you receive a 404, 429, or 5xx error code (see Error handling). If you receive a 410 error, it indicates that\r\nIMDS is going through updates and will be available in a maximum of 70 seconds.\r\nThrottling limits apply to the number of calls made to the IMDS endpoint. When the throttling threshold is\r\nexceeded, IMDS endpoint limits any further requests while the throttle is in effect. During this period, the IMDS\r\nendpoint returns the HTTP status code 429 (\"Too many requests\"), and the requests fail.\r\nFor retry, we recommend the following strategy:\r\nRetry strategy Settings Values How it works\r\nExponentialBackoff Retry count\r\nMin back-off\r\n5\r\n0 sec\r\nAttempt 1 - delay 0 sec\r\nAttempt 2 - delay ~2 sec\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 12 of 13\n\nRetry strategy Settings Values How it works\r\nMax back-off\r\nDelta back-off\r\nFirst fast retry\r\n60 sec\r\n2 sec\r\nfalse\r\nAttempt 3 - delay ~6 sec\r\nAttempt 4 - delay ~14 sec\r\nAttempt 5 - delay ~30 sec\r\nSee Azure Services with managed identities support for a list of resources that support managed identities for\r\nAzure resources.\r\nTo enable managed identities for Azure resources on an Azure VM, see Configure managed identities for\r\nAzure resources on a VM using the Azure portal.\r\nSource: https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nhttps://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token\r\nPage 13 of 13",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token"
	],
	"report_names": [
		"how-to-use-vm-token"
	],
	"threat_actors": [],
	"ts_created_at": 1775490818,
	"ts_updated_at": 1775826738,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0c5a2c1640ef7e29d0877e6b160f98d55c2100b8.pdf",
		"text": "https://archive.orkl.eu/0c5a2c1640ef7e29d0877e6b160f98d55c2100b8.txt",
		"img": "https://archive.orkl.eu/0c5a2c1640ef7e29d0877e6b160f98d55c2100b8.jpg"
	}
}