In a previous post I was lamenting not having a way to obtained the managed service identity generated for an Azure resource, such as a Azure SQL logical server or a Web App from the Azure Resource Manager (ARM) template itself.

The issue was that the reference() function in an ARM template only returns the properties part of the resource definition, and the identity property is defined outside of that (at the same level as the resource id or the location).

It is now possible to do this thanks to a new parameter introduced in the reference() function in ARM. The new definition is:

reference(resourceName | resourceIdentifier, [apiVersion], ['Full'])

Notice the new, optional 'Full' parameter. When this is specified, the reference() function returns the complete resource definition, and not just the properties section. So we can obtain the generated identity easily using something like this:

    "outputs": {
        "sqlIdentity": {
            "value": "[reference(concat('Microsoft.Sql/servers/', parameters('sqlServerName')), '2015-05-01-preview', 'Full').identity.principalId]"

Tomas Restrepo

Software developer located in Colombia.