---
title: Assignment restriction for managed identities (Preview)
description: Learn how assignment restrictions scope a user-assigned managed identity to one or more resource providers to improve security and resilience.
author: mmacy-msft
ms.author: marshmacy
ms.subservice: managed-identities
ms.topic: concept-article
ms.custom: msecd-doc-authoring-10012
ms.date: 04/24/2026
ai-usage: ai-assisted
#customer intent: As an Azure administrator, I want to understand assignment restriction for user-assigned managed identities so that I can scope identity usage to one or more resource providers and reduce security and operational risk.
---
## Note about supported Resource Providers and Resource Types in the Azure portal
> [!NOTE]
> Selecting **None** for resource assignment restrictions leaves the identity unrestricted, allowing it to be assigned to resources from any resource provider that supports managed identities.
>
> Configure resource assignment restrictions only when you want to limit identity assignment to specific resource providers. Be aware that the **Select Resource Types** list in the Azure portal may not include all supported resource providers and resource types.
---
title: Assignment restriction for managed identities (preview)
description: Learn how assignment restrictions scope a user-assigned managed identity to one or more resource providers to improve security and resilience.
author: mmacy-msft
ms.author: marshmacy
ms.subservice: managed-identities
ms.topic: concept-article
ms.custom: msecd-doc-authoring-10012
ms.date: 07/10/2026
ai-usage: ai-assisted
#customer intent: As an Azure administrator, I want to understand assignment restriction for user-assigned managed identities so that I can scope identity usage to one or more resource providers and reduce security and operational risk.
---
# Assignment restriction for user-assigned managed identities (preview)
Assignment restrictions, also known as resource restrictions, are a security feature for user-assigned managed identities that limit the resource providers an identity can be assigned to. Assignment restrictions are currently in preview. They let you isolate a managed identity to one or more resource providers so that it can't be reused across unrelated services.
When you configure assignment restriction, managed identity usage stays tightly scoped. This scoping reduces the blast radius of a compromised or misconfigured identity and helps improve both security and resilience.