Azure · zhoxing-ms · Mar 3, 2023 · Jan 29, 2023 · Feb 3, 2023 · Feb 27, 2023
@@ -2218,9 +2218,9 @@
 long-summary: This is required to authenticate and interact with other Azure services using bearer tokens.
 examples:
   - name: Enable the system assigned identity on a VM with the 'Reader' role.
-    text: az vm identity assign -g MyResourceGroup -n MyVm --role Reader --scope /subscriptions/db5eb68e-73e2-4fa8-b18a-0123456789999/resourceGroups/MyResourceGroup
-  - name: Enable the system assigned identity and a user assigned identity on a VM.
-    text: az vm identity assign -g MyResourceGroup -n MyVm --role Reader --identities [system] myAssignedId
+    text: az vm identity assign -g MyResourceGroup -n MyVm --role Reader --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup
+  - name: Enable the system assigned identity and a user assigned identity on a VM with the 'Reader' role.
+    text: az vm identity assign -g MyResourceGroup -n MyVm --role Reader --identities [system] myAssignedId --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup
 """
 
 helps['vm identity remove'] = """
@@ -3308,7 +3308,9 @@
 long-summary: This is required to authenticate and interact with other Azure services using bearer tokens.
 examples:
   - name: Enable system assigned identity on a VMSS with the 'Owner' role.
-    text: az vmss identity assign -g MyResourceGroup -n MyVmss --role Owner --scope /subscriptions/db5eb68e-73e2-4fa8-b18a-0123456789999/resourceGroups/MyResourceGroup
+    text: az vmss identity assign -g MyResourceGroup -n MyVmss --role Owner --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup
+  - name: Enable system assigned identity and a user assigned identity on a VMSS with the 'Owner' role.
+    text: az vmss identity assign -g MyResourceGroup -n MyVmss --role Owner --identities [system] myAssignedId --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup
   - name: Enable managed service identity on a VMSS. (autogenerated)
     text: |
         az vmss identity assign --identities readerId writerId --name MyVmss --resource-group MyResourceGroup

@@ -1077,7 +1077,11 @@ def load_arguments(self, _):
 
     for scope in ['vm identity assign', 'vmss identity assign']:
         with self.argument_context(scope) as c:
-            c.argument('identity_role', options_list=['--role'], help="Role name or id the system assigned identity will have")
+            c.argument('identity_role', options_list=['--role'],
+                       help='Role name or id the system assigned identity will have. '
+                            'Please note that the default value "Contributor" will be removed in the breaking change '
+                            'release of the fall, so please specify "--role" and "--scope" at the same time '
+                            'when assigning a role to the managed identity')
 
     with self.argument_context('vm auto-shutdown') as c:
         c.argument('off', action='store_true', help='Turn off auto-shutdown for VM. Configuration will be cleared.')

@@ -1269,6 +1269,12 @@ def _validate_vm_vmss_msi(cmd, namespace, is_identity_assign=False):
         if not namespace.identity_scope and role_is_explicitly_specified:
             raise ArgumentUsageError(
                 "usage error: please specify --scope when assigning a role to the managed identity")
+        if not role_is_explicitly_specified and namespace.identity_scope:
+            logger.warning(
+                "Please note that the default value of '--role' will be removed in the breaking change release of the "
+                "fall. So specify '--role' and '--scope' at the same time when assigning a role to the managed "
+                "identity to avoid breaking your automation script when the default value of '--role' is removed."
+            )
 
     # Assign managed identity
     if is_identity_assign or namespace.assign_identity is not None: