Your Storage Sync Service is not configured to use managed identities

natalia rodriguez 0 Reputation points
2025-04-12T17:52:16.7266667+00:00
  1. I have turned System Assigned Status to On for all of my VMs
  2. I have ensured I have the Owner permission role under Storage Sync Service
  3. When I click on the Managed Identities tab, under Turn on Managed Identities, it's still greyed out
  4. Do I have to give a managed identity to a certain resource?
Azure Files

2 answers

  1. Marcin Policht 44,850 Reputation points MVP
    2025-04-12T18:05:51.8833333+00:00

    As per https://learn.microsoft.com/en-us/azure/storage/file-sync/file-sync-managed-identities?tabs=azure-portal

    Before you can configure Azure File Sync to use managed identities, your registered servers must have a system-assigned managed identity that will be used to authenticate to the Azure File Sync service and Azure file shares.

    To enable a system-assigned managed identity on a registered server that has the Azure File Sync v20 agent installed, perform the following steps:

    • If the server is hosted outside of Azure, it must be an Azure Arc-enabled server to have a system-assigned managed identity. For more information on Azure Arc-enabled servers and how to install the Azure Connected Machine agent, see: Azure Arc-enabled servers Overview.
    • If the server is an Azure virtual machine, enable the system-assigned managed identity setting on the VM. For more information, see: Configure managed identities on Azure virtual machines.

    In particular, if your servers are outside of Azure, they must be Azure Arc-enabled servers.


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


  2. Nandamuri Pranay Teja 2,015 Reputation points Microsoft External Staff
    2025-04-14T01:30:45.5133333+00:00

    Hello natalia,

    Please be informed that the "Managed Identities" tab appearing greyed out typically signifies that the Storage Sync Service has not been correctly registered or activated for managed identities. While possessing "Owner" permissions on the Storage Sync Service is essential, it does not automatically activate the service's managed identity. This permission allows you to execute the action, but the action still needs to be carried out.

    1. Navigate to your Storage Sync Service resource in the Azure portal.
    2. In the left-hand menu, look for "Identity" (it might be under "Settings").
    3. Within the "Identity" blade, you'll see a section for "System assigned."
    4. Change the "Status" to "On."
    5. Click "Save."

    Once you've enabled the system-assigned managed identity on the Storage Sync Service, you'll see an "Object ID" generated. This is the identity's principal ID. You will then need to grant that Object ID the "Storage File Data SMB Contributor" role on the storage account that the sync service will be using. The "Managed Identities" tab in the Registered Server section of the storage sync service will then become available, and the VM's managed identity can be used to register the server.

    Note: You must enable the managed identity on the Storage Sync Service itself, not just on the VMs, to resolve the greyed-out "Managed Identities" tab issue.

    Hope the above answer helps! Please let us know if you have any further queries.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.
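To confirm that an identity really holds the "Storage File Data SMB Contributor" role mentioned in the answer above on the intended storage account, the role assignments can be audited offline. This is an added example, not part of either answer or of Microsoft's documentation; it assumes records shaped like `az role assignment list --all -o json` output, and every ID, resource name and the `covers`/`audit` helpers are constructed for illustration.

```python
ROLE = "Storage File Data SMB Contributor"  # role named in the answer above
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed
RG = SUB + "/resourceGroups/rg-sync"
ACCOUNT = RG + "/providers/Microsoft.Storage/storageAccounts/stsyncprod"

# Constructed sample; field names follow `az role assignment list` JSON.
SAMPLE = [
    {"principalId": "aaaaaaaa-0000-0000-0000-000000000001",
     "roleDefinitionName": ROLE, "scope": ACCOUNT.upper()},
    {"principalId": "aaaaaaaa-0000-0000-0000-000000000002",
     "roleDefinitionName": "Reader", "scope": ACCOUNT},
    {"principalId": "aaaaaaaa-0000-0000-0000-000000000003",
     "roleDefinitionName": ROLE, "scope": SUB},
    {"principalId": "aaaaaaaa-0000-0000-0000-000000000004",
     "roleDefinitionName": ROLE,
     "scope": RG + "/providers/Microsoft.Storage/storageAccounts/stsync"},
]

def covers(scope, resource_id):
    """True if a role assignment at `scope` is inherited by `resource_id`."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    # Compare whole path segments: ".../stsync" must not match ".../stsyncprod".
    return s == "" or r == s or r.startswith(s + "/")

def audit(assignments, principal_id, resource_id, role=ROLE):
    """Classify how `principal_id` holds `role` on `resource_id`."""
    scopes = [a["scope"] for a in assignments
              if a["principalId"].lower() == principal_id.lower()
              and a["roleDefinitionName"] == role
              and covers(a["scope"], resource_id)]
    if not scopes:
        return "missing"
    target = resource_id.rstrip("/").lower()
    exact = any(s.rstrip("/").lower() == target for s in scopes)
    # "granted-inherited" means the role comes only from a broader scope
    # (resource group, subscription), which is worth a least-privilege review.
    return "granted" if exact else "granted-inherited"

if __name__ == "__main__":
    for entry in SAMPLE:
        pid = entry["principalId"]
        print(pid, audit(SAMPLE, pid, ACCOUNT))
```

A result of `missing` for the identity's Object ID means the role was never granted at or above the storage account, while `granted-inherited` means it was granted at a wider scope than the account itself.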

