You create a Linux Azure virtual machine (VM) and enable the system-assigned identity. You want to use Managed Service Identity to allow the VM to access the Azure Resource Manager application programming interface (API).
Which three actions should you perform in sequence?
You need to perform the following steps in order:
1. Grant to the VM the Reader role for all resource groups.
2. Run the Invoke-WebRequest PowerShell cmdlet to retrieve an access token.
3. Call Azure Resource Manager using the access token.
You should grant to the VM the Reader role for all resource groups. This ensures that the VM can access resources in all resource groups. You must grant the Reader role before taking action to retrieve an access token.
Next, you should run the Invoke-WebRequest cmdlet to retrieve an access token. You extract the access token from the response, and then, finally, you call Azure Resource Manager using the access token.
You should not run the az identity create CLI command to specify the name of the system identity. You should run this command when you want to set the name of a user identity, not a system identity.
You should not grant to your account the Virtual Machine Contributor role. This role is required to create a VM with the system-assigned identity enabled. However, because the VM is already created with the system assigned identity enabled, your account already has the required permissions.