diff --git a/website/content/docs/configuration/server_join.mdx b/website/content/docs/configuration/server_join.mdx index 0559a836d..a9935bf3f 100644 --- a/website/content/docs/configuration/server_join.mdx +++ b/website/content/docs/configuration/server_join.mdx @@ -236,8 +236,20 @@ Use these configuration parameters when using Virtual Machine Scale Sets (Consul - `resource_group` - the name of the resource group to filter on. - `vm_scale_set` - the name of the virtual machine scale set to filter on. - When using tags the only permission needed is the `ListAll` method for `NetworkInterfaces`. When using - Virtual Machine Scale Sets the only role action needed is `Microsoft.Compute/virtualMachineScaleSets/*/read`. +When using tags the only permission needed is the `ListAll` method for `NetworkInterfaces`. When using +Virtual Machine Scale Sets the only role action needed is `Microsoft.Compute/virtualMachineScaleSets/*/read`. + + + +If the Nomad cluster is hosted on Azure, Nomad can use Managed Service Identities (MSI) to access Azure +instead of an environment variable, shared client id and secret. MSI must be enabled on the VMs or Virtual +Machine Scale Sets hosting Nomad. It is the preferred configuration since MSI prevents your Azure credentials +from being stored in Nomad configuration. When using MSI, the `tag_name`, `tag_value` and `subscription_id` +need to be supplied for Virtual machines. Be aware that the amount of time that Azure takes for the VMs to detect +the MSI permissions can be between a minute to an hour. + + + #### Google Compute Engine