DefaultAzureCredential from the Azure Identity SDK checks multiple sources in order: environment variables, managed identity, Azure CLI, and more.
In your code:
var credential = new DefaultAzureCredential();
var client = new BlobServiceClient(
new Uri("https://mystorage.blob.core.windows.net"),
credential);Locally it will use your az login session. In production it picks up the managed identity automatically.
Make sure you’re logged in:
az login
az account set --subscription "my-sub"Tip: Set AZURE_TENANT_ID environment variable if you have access to multiple tenants, so it doesn’t pick the wrong one.