diff --git a/changelogs/unreleased/6927-yanggangtony b/changelogs/unreleased/6927-yanggangtony
new file mode 100644
index 00000000000..a101231dfc8
--- /dev/null
+++ b/changelogs/unreleased/6927-yanggangtony
@@ -0,0 +1 @@
+Add MSI Support for Azure plugin.
diff --git a/pkg/util/azure/credential.go b/pkg/util/azure/credential.go
index 6d5e16ded3b..6c3cc9bd416 100644
--- a/pkg/util/azure/credential.go
+++ b/pkg/util/azure/credential.go
@@ -129,5 +129,14 @@ func newConfigCredential(creds map[string]string, options configCredentialOption
 return nil, errors.Errorf("%s is required", CredentialKeyPassword)
 }
 
+ //msiEndpoint
+ msiEndpoint := creds[CredentialMSI_ENDPOINT]
+ identityEndpoint := creds[CredentialIDENTITY_ENDPOINT]
+
+ if msiEndpoint != "" || identityEndpoint != "" {
+ o := &azidentity.ManagedIdentityCredentialOptions{ClientOptions: options.ClientOptions, ID: azidentity.ClientID(clientID)}
+ return azidentity.NewManagedIdentityCredential(o)
+ }
+
 return nil, errors.New("incomplete credential configuration. Only AZURE_TENANT_ID and AZURE_CLIENT_ID are set")
 }
diff --git a/pkg/util/azure/util.go b/pkg/util/azure/util.go
index 0b4cfa067ab..fee975b53b2 100644
--- a/pkg/util/azure/util.go
+++ b/pkg/util/azure/util.go
@@ -49,6 +49,12 @@ const (
 CredentialKeyUsername = "AZURE_USERNAME" // #nosec
 CredentialKeyPassword = "AZURE_PASSWORD" // #nosec
 
+ CredentialIMDS_ENDPOINT = "IMDS_ENDPOINT" // #nosec
+ CredentialIDENTITY_ENDPOINT = "IDENTITY_ENDPOINT" // #nosec
+ CredentialIDENTITY_HEADER = "IDENTITY_HEADER" // #nosec
+ CredentialIDENTITY_SERVER_THUMBPRINT = "IDENTITY_SERVER_THUMBPRINT" // #nosec
+ CredentialMSI_ENDPOINT = "MSI_ENDPOINT" // #nosec
+
 credentialFile = "credentialsFile"
 )
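Review bot: In the credential.go hunk, `msiEndpoint` and `identityEndpoint` are read from `creds` but only tested for non-emptiness; neither value is handed to `azidentity.NewManagedIdentityCredential`, and as far as I know the SDK resolves the managed-identity endpoint from the process environment rather than from `ManagedIdentityCredentialOptions`. A credentials file that sets `MSI_ENDPOINT` therefore looks as if it pins the token endpoint, while in effect it only switches this last fallback branch to the ambient identity of the host or pod, so whoever can supply `creds` decides when that identity is used. I would replace `//msiEndpoint` with `// MSI_ENDPOINT / IDENTITY_ENDPOINT only select managed identity here; their values are not passed to the SDK.` and update the trailing error text, which still names only AZURE_TENANT_ID and AZURE_CLIENT_ID. `clientID` and the earlier branches of newConfigCredential are outside this hunk, so whether a system-assigned identity (no client ID) can reach this branch cannot be confirmed from here.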
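Review bot: In the util.go hunk, the five new names break the `CredentialKey…` MixedCaps pattern of the constants directly above them (`CredentialKeyUsername`, `CredentialKeyPassword`), and three of them, `CredentialIMDS_ENDPOINT`, `CredentialIDENTITY_HEADER` and `CredentialIDENTITY_SERVER_THUMBPRINT`, are not referenced by the credential.go hunk in this diff. I would rename along the lines of `CredentialKeyMSIEndpoint = "MSI_ENDPOINT"` and `CredentialKeyIdentityEndpoint = "IDENTITY_ENDPOINT"`, and leave the unused keys out until code reads them. The bare `// #nosec` markers give neither a rule ID nor a reason; presumably they silence gosec's hard-coded-credential check, in which case `// #nosec G101 -- setting name, not a secret` keeps the suppression narrow and explains it. The const block opens before this hunk, so any grouping comment it already carries is not visible here.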