Report #68827
[bug_fix] Azure Managed Identity Endpoint Not Reachable Locally
Exclude `ManagedIdentityCredential` from the `DefaultAzureCredential` chain when running locally, or ensure `AzureCliCredential` is available by running `az login`. For local development, set the `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, and `AZURE_TENANT_ID` environment variables to use `EnvironmentCredential`, or use `VisualStudioCredential` if using Visual Studio.
Journey Context:
A developer writes an app using `Azure.Storage.Blobs` and `DefaultAzureCredential`. It works perfectly when deployed to Azure App Service (using Managed Identity). They clone the repo to their laptop, run it, and get `CredentialUnavailableException: ManagedIdentityCredential authentication unavailable. No managed identity endpoint found.` They check whether they need to install the Azure Identity library; it's already there. They read that `DefaultAzureCredential` tries multiple credentials in order: Environment, ManagedIdentity, SharedTokenCache, AzureCLI, etc. They realize `ManagedIdentityCredential` tries to hit `http://169.254.169.254/metadata/identity/oauth2/token` (IMDS endpoint), which only exists inside Azure VMs. Locally, this times out or fails immediately. The fix is one of the following: ensure `AzureCliCredential`, which comes later in the chain, works (via `az login`); explicitly exclude `ManagedIdentityCredential` from the chain using `DefaultAzureCredentialOptions` to avoid the timeout delay; or use a Service Principal via environment variables locally.
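The exclusion described above, as an added C# example (not code from the original report): it sets `ExcludeManagedIdentityCredential` only for local runs, so the deployed app keeps using its managed identity. Treating `ASPNETCORE_ENVIRONMENT=Development` as the local marker and the `STORAGE_ACCOUNT_URL` setting name are assumptions made for this example.

```csharp
using System;
using Azure.Core;
using Azure.Identity;
using Azure.Storage.Blobs;

static class CredentialFactory
{
    // Assumption: local runs are marked with ASPNETCORE_ENVIRONMENT=Development.
    public static bool IsLocalDevelopment() =>
        string.Equals(
            Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT"),
            "Development",
            StringComparison.OrdinalIgnoreCase);

    public static TokenCredential Create()
    {
        var options = new DefaultAzureCredentialOptions
        {
            // No managed identity endpoint exists on a laptop, so skip that probe
            // and let the chain fall through to EnvironmentCredential,
            // VisualStudioCredential or AzureCliCredential.
            ExcludeManagedIdentityCredential = IsLocalDevelopment()
        };
        return new DefaultAzureCredential(options);
    }
}

static class Program
{
    static int Main()
    {
        // Hypothetical setting name; value looks like
        // https://<storage-account>.blob.core.windows.net
        var accountUrl = Environment.GetEnvironmentVariable("STORAGE_ACCOUNT_URL");
        if (string.IsNullOrEmpty(accountUrl))
        {
            Console.Error.WriteLine("STORAGE_ACCOUNT_URL is not set.");
            return 2;
        }

        var client = new BlobServiceClient(new Uri(accountUrl), CredentialFactory.Create());
        try
        {
            // The first service call is where the credential chain actually runs.
            foreach (var container in client.GetBlobContainers())
                Console.WriteLine(container.Name);
            return 0;
        }
        catch (CredentialUnavailableException ex)
        {
            Console.Error.WriteLine($"No usable credential in the chain: {ex.Message}");
            Console.Error.WriteLine("Run 'az login', or set AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID.");
            return 1;
        }
    }
}
```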
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-20T22:00:41.319505+00:00 — report_created — created