Azure · JonathanCrd · Nov 12, 2025 · Nov 11, 2025 · Nov 11, 2025 · Nov 11, 2025
@@ -126,7 +126,7 @@ internal static TokenCredential CreateCredential(IConfiguration configuration)
 
                 if (!string.IsNullOrWhiteSpace(resourceId))
                 {
-                    return new ManagedIdentityCredential(new ResourceIdentifier(resourceId));
+                    return new ManagedIdentityCredential(ManagedIdentityId.FromUserAssignedResourceId(new ResourceIdentifier(resourceId)));
                 }
 
                 if (!string.IsNullOrWhiteSpace(objectId))
@@ -136,10 +136,15 @@ internal static TokenCredential CreateCredential(IConfiguration configuration)
 
                 if (!string.IsNullOrWhiteSpace(managedIdentityClientId))
                 {
-                    return new ManagedIdentityCredential(managedIdentityClientId);
+                    return new ManagedIdentityCredential(ManagedIdentityId.FromUserAssignedClientId(managedIdentityClientId));
                 }
 
-                return new ManagedIdentityCredential(clientId);
+                if (!string.IsNullOrWhiteSpace(clientId))
+                {
+                    return new ManagedIdentityCredential(ManagedIdentityId.FromUserAssignedClientId(clientId));
+                }
+
+                return new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned);
             }
 
             if (string.Equals(credentialType, "workloadidentity", StringComparison.OrdinalIgnoreCase))

@@ -238,7 +238,7 @@ public void ResolvesDefaultClientByDefault()
         public void UsesProvidedCredentialIfOverGlobal()
         {
             var serviceCollection = new ServiceCollection();
-            var defaultAzureCredential = new ManagedIdentityCredential();
+            var defaultAzureCredential = new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned);
             serviceCollection.AddAzureClients(builder => builder.AddTestClientWithCredentials(new Uri("http://localhost")).WithCredential(defaultAzureCredential));
 
             ServiceProvider provider = serviceCollection.BuildServiceProvider();
@@ -251,7 +251,7 @@ public void UsesProvidedCredentialIfOverGlobal()
         public void UsesGlobalCredential()
         {
             var serviceCollection = new ServiceCollection();
-            var defaultAzureCredential = new ManagedIdentityCredential();
+            var defaultAzureCredential = new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned);
             serviceCollection.AddAzureClients(builder => {
                 builder.AddTestClientWithCredentials(new Uri("http://localhost"));
                 builder.UseCredential(defaultAzureCredential);

@@ -10,6 +10,8 @@
 
 ### Other Changes
 
+- Deprecated legacy `ManagedIdentityCredential` constructors. Use `ManagedIdentityCredential(ManagedIdentityId id)` or `ManagedIdentityCredential(ManagedIdentityCredentialOptions options)` instead for clearer intent when specifying system-assigned or user-assigned managed identity. ([#53800](https://github.com/Azure/azure-sdk-for-net/issues/53800))
+
 ## 1.17.0 (2025-10-07)
 
 ### Bugs Fixed

@@ -325,10 +325,12 @@ public partial class ManagedIdentityCredential : Azure.Core.TokenCredential
     {
         protected ManagedIdentityCredential() { }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
+        [System.ObsoleteAttribute("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")]
         public ManagedIdentityCredential(Azure.Core.ResourceIdentifier resourceId, Azure.Identity.TokenCredentialOptions options = null) { }
         public ManagedIdentityCredential(Azure.Identity.ManagedIdentityCredentialOptions options) { }
         public ManagedIdentityCredential(Azure.Identity.ManagedIdentityId id) { }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
+        [System.ObsoleteAttribute("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")]
         public ManagedIdentityCredential(string clientId = null, Azure.Identity.TokenCredentialOptions options = null) { }
         public override Azure.Core.AccessToken GetToken(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public override System.Threading.Tasks.ValueTask<Azure.Core.AccessToken> GetTokenAsync(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }

@@ -322,10 +322,12 @@ public partial class ManagedIdentityCredential : Azure.Core.TokenCredential
     {
         protected ManagedIdentityCredential() { }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
+        [System.ObsoleteAttribute("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")]
         public ManagedIdentityCredential(Azure.Core.ResourceIdentifier resourceId, Azure.Identity.TokenCredentialOptions options = null) { }
         public ManagedIdentityCredential(Azure.Identity.ManagedIdentityCredentialOptions options) { }
         public ManagedIdentityCredential(Azure.Identity.ManagedIdentityId id) { }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
+        [System.ObsoleteAttribute("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")]
         public ManagedIdentityCredential(string clientId = null, Azure.Identity.TokenCredentialOptions options = null) { }
         public override Azure.Core.AccessToken GetToken(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public override System.Threading.Tasks.ValueTask<Azure.Core.AccessToken> GetTokenAsync(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }

@@ -21,8 +21,8 @@ public static void AuthToStorage()
         string account1 = Environment.GetEnvironmentVariable("IDENTITY_STORAGE_NAME_1")!;
         string account2 = Environment.GetEnvironmentVariable("IDENTITY_STORAGE_NAME_2")!;
 
-        var credential1 = new ManagedIdentityCredential();
-        var credential2 = new ManagedIdentityCredential(new ResourceIdentifier(resourceId));
+        var credential1 = new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned);
+        var credential2 = new ManagedIdentityCredential(ManagedIdentityId.FromUserAssignedResourceId(new ResourceIdentifier(resourceId)));
         var client1 = new BlobServiceClient(new Uri($"https://{account1}.blob.core.windows.net/"), credential1);
         var client2 = new BlobServiceClient(new Uri($"https://{account2}.blob.core.windows.net/"), credential2);
         client1.GetBlobContainers().ToList();

@@ -44,6 +44,7 @@ protected ManagedIdentityCredential()
         /// </param>
         /// <param name="options">Options to configure the management of the requests sent to Microsoft Entra ID.</param>
         [EditorBrowsable(EditorBrowsableState.Never)]
+        [Obsolete("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")]
         public ManagedIdentityCredential(string clientId = null, TokenCredentialOptions options = null)
             : this(new ManagedIdentityClient(new ManagedIdentityClientOptions { ManagedIdentityId = string.IsNullOrEmpty(clientId) ? ManagedIdentityId.SystemAssigned : ManagedIdentityId.FromUserAssignedClientId(clientId), Pipeline = CredentialPipeline.GetInstance(options, IsManagedIdentityCredential: true), Options = options }))
         {
@@ -58,6 +59,7 @@ public ManagedIdentityCredential(string clientId = null, TokenCredentialOptions
         /// </param>
         /// <param name="options">Options to configure the management of the requests sent to Microsoft Entra ID.</param>
         [EditorBrowsable(EditorBrowsableState.Never)]
+        [Obsolete("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")]
         public ManagedIdentityCredential(ResourceIdentifier resourceId, TokenCredentialOptions options = null)
             : this(new ManagedIdentityClient(new ManagedIdentityClientOptions { ManagedIdentityId = ManagedIdentityId.FromUserAssignedResourceId(resourceId), Pipeline = CredentialPipeline.GetInstance(options, IsManagedIdentityCredential: true), Options = options }))
         {