MSI enable is now available after cluster creation

[anag2022]

Hi Team, I came across this doc on Managed Identity on AKS: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks#aks-access-to-azure:~:text=.%20You%20can%20enable%20this%20setting%20only%20during%20cluster%20creation.%20Even%20if%20Azure%20AD%20isn%27t%20used%20immediately%2C%20you%20can%20incorporate%20it%20later.

here it says that 'It's recommended that managed identities is enabled so that the cluster can interact with external Azure resources through Azure AD. You can enable this setting only during cluster creation. Even if Azure AD isn't used immediately, you can incorporate it later.'

even though, i think that now it is possible to enable MSI on an existing cluster: Use a managed identity in Azure Kubernetes Service (AKS) - Azure Kubernetes Service | Microsoft Learn

maybe it is needed to update the first doc? thanks!

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 46723a24-75ac-f6e2-c172-d3827ca0b7d6
• Version Independent ID: c975744e-e594-5667-14b3-c38824bbe24c
• Content: Baseline architecture for an AKS cluster - Azure Architecture Center
• Content Source: docs/reference-architectures/containers/aks/baseline-aks.yml
• Service: architecture-center
• Sub-service: reference-architecture
• GitHub Login: @PageWriter-MSFT
• Microsoft Alias: prwilk

[Naveenommi-MSFT]

@anag2022 Thank you for bringing this to our attention. I've delegated this to content author @PageWriter-MSFT, who will review it and offer their insightful opinions.

[Naveenommi-MSFT]

@PageWriter-MSFT Could you please review add comments on this, update as appropriate.