Report #83369
[bug\_fix] ManagedIdentityCredential authentication unavailable. No managed identity endpoint found
Set the environment variables \`AZURE\_CLIENT\_ID\`, \`AZURE\_CLIENT\_SECRET\`, and \`AZURE\_TENANT\_ID\` for local development, or use \`AzureCliCredential\` directly instead of \`DefaultAzureCredential\` when running outside Azure, or ensure the code checks if running in Azure before using ManagedIdentityCredential. The root cause is that ManagedIdentityCredential attempts to reach the IMDS endpoint \(169.254.169.254\) which only exists inside Azure; locally this times out after 30 seconds, blocking the credential chain.
Journey Context:
Developer writes a .NET application using \`DefaultAzureCredential\` to connect to Azure Storage. It works when deployed to an Azure VM with System Assigned Managed Identity. The developer runs the same code locally for unit testing. The application hangs for 30-45 seconds then throws \`CredentialUnavailableException: ManagedIdentityCredential authentication unavailable. No managed identity endpoint found\`. The developer knows they have the Azure CLI installed and logged in, expecting DefaultAzureCredential to fall back to it. They enable detailed logging and see that ManagedIdentityCredential is attempted first, makes an HTTP request to \`http://169.254.169.254/metadata/identity/oauth2/token\` which times out after 30 seconds \(the default IMDS probe timeout\), and only then falls through to AzureCliCredential. To fix it locally without waiting 30 seconds, they must either set environment variables to use EnvironmentCredential first, or modify the code to use \`new ChainedTokenCredential\(new AzureCliCredential\(\)\)\` instead of DefaultAzureCredential for local execution.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-21T22:31:24.840165+00:00— report_created — created