Managed identities for Azure resources are a feature of Azure Active Directory (AD).
Two managed identity types are possible:
System-assigned managed identity
This type of managed identity is enabled directly on an Azure service instance. When the identity is enabled, Azure creates an identity for the instance in the Azure AD tenant that is trusted by the subscription of the instance. After the identity is created, the credentials are provisioned on the instance. The life cycle of a system-assigned identity is directly tied to the Azure service instance on which it is enabled. If the instance is deleted, Azure automatically cleans up the credentials and the identity in Azure AD.
User-assigned managed identity
This type of managed identity is created as a stand-alone Azure resource. Azure creates an identity in the Azure AD tenant that is trusted by the subscription in use. Then the identity can be assigned to one or more Azure service instances. The life cycle of a user-assigned identity is managed separately from the life cycle of the Azure service instances to which it is assigned.
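The lifecycle difference described above has a practical audit consequence: a user-assigned identity outlives the instances it was attached to and can be shared by several of them, while a system-assigned identity cannot. The following is an added example, not code from the original page or from Azure; it assumes an inventory shaped like ARM resource JSON (an `identity` block with `type` and `userAssignedIdentities`), and the sample data and the names `audit`, `INVENTORY` and `PREFIX` are constructed for illustration.

```python
# Added example: audit managed identities in a resource inventory.
# Assumption: each resource follows the ARM JSON shape, where "identity.type" is
# "SystemAssigned", "UserAssigned", "SystemAssigned, UserAssigned" or "None".
UAI_TYPE = "microsoft.managedidentity/userassignedidentities"
PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000"
          "/resourceGroups/rg-demo/providers/")  # constructed placeholder scope

INVENTORY = [  # constructed sample data, not real resources
    {"id": PREFIX + "Microsoft.ManagedIdentity/userAssignedIdentities/shared-id",
     "type": "Microsoft.ManagedIdentity/userAssignedIdentities"},
    {"id": PREFIX + "Microsoft.ManagedIdentity/userAssignedIdentities/orphan-id",
     "type": "Microsoft.ManagedIdentity/userAssignedIdentities"},
    {"id": PREFIX + "Microsoft.Compute/virtualMachines/vm1",
     "type": "Microsoft.Compute/virtualMachines",
     "identity": {"type": "SystemAssigned, UserAssigned",
                  "userAssignedIdentities": {
                      PREFIX + "Microsoft.ManagedIdentity/userAssignedIdentities/shared-id": {}}}},
    {"id": PREFIX + "Microsoft.Compute/virtualMachines/vm2",
     "type": "Microsoft.Compute/virtualMachines",
     "identity": {"type": "UserAssigned",
                  "userAssignedIdentities": {  # same identity, different casing
                      PREFIX + "microsoft.managedidentity/userassignedidentities/SHARED-ID": {}}}},
    {"id": PREFIX + "Microsoft.Compute/virtualMachines/vm3",
     "type": "Microsoft.Compute/virtualMachines"},  # no managed identity at all
]

def audit(resources):
    """Return system-assigned holders, shared identities and orphaned identities."""
    standalone, assigned, system = set(), {}, []
    for res in resources:
        rid = res["id"].lower()  # Azure resource IDs are case-insensitive
        if res.get("type", "").lower() == UAI_TYPE:
            standalone.add(rid)  # the stand-alone identity resource itself
            continue
        ident = res.get("identity") or {}
        kinds = {k.strip().lower() for k in ident.get("type", "").split(",")}
        if "systemassigned" in kinds:
            system.append(rid)   # removed automatically with the instance
        if "userassigned" in kinds:
            for uai in ident.get("userAssignedIdentities") or {}:
                assigned.setdefault(uai.lower(), []).append(rid)
    return {
        "system_assigned": sorted(system),
        # One identity on several instances: a compromise of any of them exposes it.
        "shared": {u: sorted(v) for u, v in assigned.items() if len(v) > 1},
        # Identity exists but nothing uses it: its role assignments still apply.
        "orphaned": sorted(standalone - set(assigned)),
    }

if __name__ == "__main__":
    for finding, value in audit(INVENTORY).items():
        print(finding, value)
```

Orphaned entries are candidates for role-assignment review and deletion, since nothing removes a user-assigned identity when its last instance goes away.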