A new field - contentManagedIdentity would be part of the policy definition.
This field can be used to download the policy package from storage blob using user assigned identities.
The identity is used to receive a token from IMDS which in turn is used to get the package from the storage account container blob.
Adding these fields is like a replacement to the sas url.
Custom policies that reference the resource ID of a User Assigned Identity are not supported on Arc machines. The generated policy definition will not include Arc enabled servers to prevent execution.
A new field - contentManagedIdentity would be part of the policy definition. This field can be used to download the policy package from storage blob using user assigned identities.
The identity is used to receive a token from IMDS which in turn is used to get the package from the storage account container blob.
Adding these fields is like a replacement to the sas url.
Custom policies that reference the resource ID of a User Assigned Identity are not supported on Arc machines. The generated policy definition will not include Arc enabled servers to prevent execution.