How to authenticate to Azure using user-assigned managed identities?

I’m trying to use a User-Assigned Managed Identity to authenticate to Azure instead of Azure CLI or a service principal (as documentation describes here - Azure Provider: Authenticating via Managed Identity | Guides | hashicorp/azurerm | Terraform Registry) but I just can’t get it working.

When I tried running it locally on my machine, it would lock up and not do anything (see my issue report Can’t authenticate to Azure using MSI - terraform hangs and nothing happens · Issue #16501 · hashicorp/terraform-provider-azurerm (, which after a back and forth between Hashicorp and Microsoft, I was told that apparently you can’t use this method of authentication unless you are running it from inside Azure (despite there being zero mention of this pretty big limitation anywhere in the Hashicorp documents).

So I tried running it in the Azure Cloud Shell and it’s not working there either, it ignores the environment variables telling it to use an MSI and it just uses my Azure CLI login instead.

How do I actually make this work? There’s no info anywhere on how this is supposed to work, and neither Microsoft nor Hashicorp seems able to figure out what’s supposed to happen and I keep getting told by one to ask the other.